EP3482337B1 - Procédé d'échange de clés de chiffrement utilisant un dispositif d'accès - Google Patents

Procédé d'échange de clés de chiffrement utilisant un dispositif d'accès Download PDF

Info

Publication number
EP3482337B1
EP3482337B1 EP17828213.3A EP17828213A EP3482337B1 EP 3482337 B1 EP3482337 B1 EP 3482337B1 EP 17828213 A EP17828213 A EP 17828213A EP 3482337 B1 EP3482337 B1 EP 3482337B1
Authority
EP
European Patent Office
Prior art keywords
communication device
portable communication
transaction
luk
point
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
EP17828213.3A
Other languages
German (de)
English (en)
Other versions
EP3482337A2 (fr
EP3482337A4 (fr
Inventor
Christopher Dean
Christian Aabye
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Visa International Service Association
Original Assignee
Visa International Service Association
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Visa International Service Association filed Critical Visa International Service Association
Priority to EP21192249.7A priority Critical patent/EP3929788A1/fr
Publication of EP3482337A2 publication Critical patent/EP3482337A2/fr
Publication of EP3482337A4 publication Critical patent/EP3482337A4/fr
Application granted granted Critical
Publication of EP3482337B1 publication Critical patent/EP3482337B1/fr
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/037Protecting confidentiality, e.g. by encryption of the control plane, e.g. signalling traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/047Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
    • H04W12/0471Key exchange
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Definitions

  • Encryption keys that can be used to generate access data such as cryptograms are typically provisioned to portable communication devices over the air through cellular telephone networks. While such systems are effective, there are many portable communication device form factors that are capable of conducting access transactions, but are not capable of communicating with a remote provisioning server computer to receive such encryption keys. For example, payment cards, wearable devices such as rings and watches, and key fobs are capable of being used to conduct access transactions such as payment transactions as they may contain integrated circuits and short range communication capabilities (e.g. , RF ID chips). However, they cannot receive encryption keys directly from a remote provisioning server computer over a cellular network, because they do not have long range communication capabilities. Such devices are typically pre-loaded with any encryption keys that are needed to conduct access transactions at the time of manufacture.
  • a portable communication device may not be able to connect to the remote provisioning server computer.
  • cellular networks can go down or may be susceptible to dead zones (e.g. , within a building that cannot receive a cellular signal).
  • the portable communication device may not be able to retrieve the encryption keys needed to conduct access transactions. As a result, the user of the portable communication device would be prohibited from conducting the desired transaction.
  • US 7,024,553 B1 discloses a system and method for updating an encryption key for a wireless LAN.
  • US 2015/180836 A1 discloses cloud-based transaction methods and systems.
  • US 2003/108204 A1 discloses a system and method for secure replacement of high level cryptographic keys in a personal security device.
  • Embodiments of the invention address these and other problems, individually and collectively.
  • a method as defined by appended claim 1.
  • a portable communication device as defined by appended claim 5.
  • a method as defined by appended claim 6.
  • a point of sale terminal as defined by appended claim 11.
  • Embodiments of the invention can provide portable communication devices with encryption keys that can be used to generate access data such as cryptograms. This can be done even though the portable communication devices do not have long range communication capabilities and/or cannot access a remote provisioning server computer through a long range communication medium.
  • Some embodiments of the present invention provide techniques for enhancing the security of a communication device (e.g. , a portable communication device) when conducting a transaction using the communication device.
  • the techniques described herein can be used with a communication device that does not have a secure element.
  • Embodiments of the invention can instead use limited-use encryption keys that have a limited lifespan. Once expired, they can no longer be used to conduct a transaction until the limited-use encryption keys are replenished. Such replenishment need not rely on long range communication with a remote provisioning server computer.
  • the replenishment can occur via a short-range wireless communication or contact connection with an access device such as point of sale terminal.
  • portable communication devices such as wearable devices and payment cards may be provided with greater security, even though they may not have secure elements and/or remote, over-the-air communication capabilities.
  • One embodiment of the invention is directed to a method.
  • the method comprises initiating communication between a portable communication device comprising a token and a first limited use key, and an access device, and then receiving, by the portable communication device, from a remote server via the access device, a second limited use key.
  • the portable communication device is in short range communication or in contact with the access device.
  • the portable communication device then replaces the first limited use key with the second limited use key.
  • Another embodiment of the invention is directed to a portable communication device comprising a processor, and a computer readable medium.
  • the computer readable medium comprising code, executable by the processor to implement a method comprising: initiating communication between the portable communication device comprising a token and a first limited use key, and an access device; receiving from a remote server via the access device, a second limited use key, wherein the portable communication device is in short range communication or in contact with the access device; and replacing the first limited use key with the second limited use key.
  • Another embodiment of the invention is directed to a method.
  • the method includes communicating, by an access device, with a portable communication device comprising a token and a first limited use key, and then receiving, by the access device, a second limited use key from a remote server computer.
  • the access device then provides the second limited use key to the portable communication device.
  • the portable communication device is in short range communication or in contact with the access device.
  • Another embodiment of the invention is directed to an access device comprising a processor, and a computer readable medium.
  • the computer readable medium comprises code, executable by the processor, to implement a method comprising communicating with a portable communication device comprising a token and a first limited use key; receiving a second limited use key from a remote server computer; and providing to the portable communication device, the second limited use key.
  • the portable communication device is in short range communication or in contact with the access device.
  • a method for enhancing the security of a communication device when conducting a transaction using the communication device may include receiving, from an access device, a limited-use key (LUK) that is associated with a set of one or more limited-use thresholds that limits usage of the LUK.
  • the method may also include generating, by the communication device, a cryptogram using the LUK, and sending, by the communication device to an access device, a token instead of a real account identifier and the transaction cryptogram to conduct the transaction.
  • the transaction can be authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds.
  • a communication device may include a processor; and a memory coupled to the processor and storing a mobile application that performs operations for enhancing security of the communication device when conducting transactions using the communication device.
  • the operations may include receiving a limited-use key (LUK) that is associated with a set of one or more limited-use thresholds that limits usage of the LUK, generating a transaction cryptogram using the LUK, and sending a token instead of a real account identifier and the transaction cryptogram to conduct the transaction.
  • the transaction may be authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds.
  • LUK limited-use key
  • HCE (host card emulation) based token deployments do not rely on secure hardware to store tokens.
  • a limited use encryption key or "LUK" is provisioned to a mobile phone over the air along with a payment token.
  • the LUK may be used by the mobile phone to generate a cryptogram.
  • the cryptogram and the access token are passed from the mobile phone to an access device such a POS terminal.
  • the access device transmits the cryptogram and the access token to a remote server computer, which then validates the cryptogram and continues to processes the access token if the cryptogram is valid.
  • LUKs While conventional methods for delivering LUKs to mobile phones are effective, many other form factors are not capable of communicating with a provisioning server to receive the LUK.
  • payment cards, wearable devices such as rings and watches, and key fobs are capable of being used to conduct payment transactions as they may contain integrated circuits and short range communication capabilities (e.g., RF ID chips), but they are not capable of communicating with a remote provisioning server computer using a cellular network.
  • Embodiments of the present invention provide for methods that can be performed by communication devices that may or may not have secure elements.
  • the techniques described herein can utilize card emulation technology (e.g., Host Card Emulation (HCE), etc.) to emulate a smartcard on a communication device (e.g., a portable communication device) to allow a mobile application running on the portable communication device to conduct contactless transactions.
  • a mobile application can access the contactless interface (e.g., a near-field communication (NFC) transceiver) of the portable communication device via the operating system (OS) of the portable communication device without using a secure element.
  • the card emulation approach reduces the technical and commercial complexities for device issuers and/or data processors.
  • access data may instead be stored in a general memory of the portable communication device. As such, the access data may be susceptible to access by malware or viruses when stored in the portable communication device.
  • the techniques described herein provision a portable communication device with encryption keys that have a limited usage or lifespan. When the lifespan of the encryption keys is exhausted, the encryption keys can no longer be used to conduct valid access transactions.
  • new encryption keys are replenished to the portable communication device.
  • the new limited-use encryption keys provided to the portable communication device can be renewed or replenished by a payment network via access devices such as POS terminals during the lifetime of an account. Provisioning such limited-use encryption keys via access devices is desirable, especially in the case where the portable communication devices do not have the ability to connect to remote provisioning server computers over the air via long range communication networks such as cellular networks.
  • passive portable communication devices are already personalized and tokenized when they are made.
  • the limited use encryption key, or LUK, in a portable communication device may be updated by an NFC interaction with an access device such as a POS terminal.
  • the access device is able to cause the portable communication device to overwrite the existing, expired, LUK, with a new one obtained from a tokenization system.
  • Access devices can include this LUK update functionality into their firmware.
  • AID application identifier
  • the access device will cause the portable communication device to update the old LUK with a new LUK.
  • the new LUK may then be used to create a cryptogram, which can be used in an access transaction such as a payment transaction.
  • This "write" process that is conducted on the portable consumer device can be similar to an issuer-directed PIN-on-card update using a direct sequence of APDU (application protocol data units) commands.
  • APDU application protocol data units
  • a “communication device” may be a device that includes one or more electronic components (e.g., an integrated chip) that can communicate with another device.
  • a “portable communication device” be a communication device that can be transported and operated by a user. The portable communication device can be configured to transmit and receive data or communications to and from other devices.
  • a portable communication device may be in the form of a mobile device such as a mobile phone (e.g., smart phone, cellular phone, etc.), tablets, portable media player, personal digital assistant devices (PDAs), wearable computing device (e.g., watch or ring), electronic reader device, etc., or in the form of a card (e.g., smart card) or a fob, etc. Examples of portable communication devices may also include portable computing devices (e.g., laptops, netbooks, ultrabooks, etc.).
  • a "server computer” may include a powerful computer or cluster of computers.
  • the server computer can be a large mainframe, a minicomputer cluster, or a group of servers functioning as a unit.
  • the server computer may be a database server coupled to a Web server.
  • the server computer may be coupled to a database and may include any hardware, software, other logic, or combination of the preceding for servicing the requests from one or more client computers.
  • the server computer may comprise one or more computational apparatuses and may use any of a variety of computing structures, arrangements, and compilations for servicing the requests from one or more client computers.
  • An “issuer” may typically refer to a business entity (e.g., a bank) that maintains an account for a user that is associated with a portable communication device such as an account enrolled in a mobile application installed on a portable communication device.
  • An issuer may also issue account parameters associated with the account to a portable communication device.
  • An issuer is an example of an "authorizing entity” which may operate an authorizing entity computer.
  • Other examples of authorizing entities may include governmental agencies, transit agencies, etc.
  • An "access device” may be any suitable device that can access an external system.
  • An access device may be in any suitable form.
  • Some examples of access devices include POS devices, cellular phones, PDAs, personal computers (PCs), tablet PCs, hand-held specialized readers, set-top boxes, electronic cash registers (ECRs), automated teller machines (ATMs), virtual cash registers (VCRs), kiosks, security systems, access systems, Websites, and the like.
  • An access device may use any suitable contact or contactless mode of operation to send or receive data from, or associated with, a portable communication device.
  • any suitable POS terminal may be used and may include a reader, a processor, and a computer-readable medium.
  • a reader may include any suitable contact or contactless mode of operation.
  • exemplary card readers can include radio frequency (RF) antennas, optical scanners, bar code readers, or magnetic stripe readers to interact with a portable communication device.
  • RF radio frequency
  • Short range communication may include any suitable wireless communication between two devices that are local to each other.
  • short range communication mechanisms can allow communications where two devices when they are within 20 meters, 10 meters, 1 meter, or 10 centimeters or 1 centimeter apart, but may not allow communication between them if they are separated by more than this.
  • Such communication mechanisms may include NFC (near field communications), Bluetooth, Bluetooth Low Energy, Infrared, Wi-Fi, etc.
  • An "authorization request message” may be an electronic message that is sent to request authorization for a transaction.
  • the authorization request message can be sent to a payment processing network and/or an issuer of a payment card.
  • An authorization request message according to some embodiments may comply with ISO 8583, which is a standard for systems that exchange electronic transaction information associated with a payment made by a user using a payment device or payment account.
  • the authorization request message may include information that can be used to identify an account.
  • An authorization request message may also comprise additional data elements such as one or more of a service code, an expiration date, etc.
  • An authorization request message may also comprise transaction information, such as any information associated with a current transaction, such as the transaction amount, merchant identifier, merchant location, etc., as well as any other information that may be utilized in determining whether to identify and/or authorize a transaction.
  • the authorization request message may also include other information such as information that identifies the access device that generated the authorization request message, information about the location of the access device, etc.
  • An "authorization response message” may be an electronic message reply to an authorization request message.
  • the authorization response message can be generated by an issuing financial institution or a payment processing network.
  • the authorization response message may include, by way of example only, one or more of the following status indicators: Approval -- transaction was approved; Declinetransaction was not approved; or Call Center -- response pending more information, merchant must call the toll-free authorization phone number.
  • the authorization response message may also include an authorization code, which may be a code that a credit card issuing bank returns in response to an authorization request message in an electronic message (either directly or through the payment processing network) to the merchant computer that indicates approval of the transaction. The code may serve as proof of authorization.
  • a payment processing network may generate or forward the authorization response message to the merchant.
  • a "token” may include a substitute identifier for some information.
  • a payment token may include an identifier for a payment account that is a substitute for an account identifier, such as a primary account number (PAN).
  • PAN primary account number
  • a token may include a series of alphanumeric characters that may be used as a substitute for an original account identifier.
  • a token “4900 0000 0000 0001” may be used in place of a PAN "4147 0900 0000 1234.”
  • a token may be "format preserving" and may have a numeric format that conforms to the account identifiers used in existing payment processing networks (e.g., ISO 8583 financial transaction message format).
  • a token may be used in place of a PAN to initiate, authorize, settle or resolve a payment transaction.
  • the token may also be used to represent the original credential in other systems where the original credential would typically be provided.
  • a token value may be generated such that the recovery of the original PAN or other account identifier from the token value may not be computationally derived.
  • the token format may be configured to allow the entity receiving the token to identify it as a token and recognize the entity that issued the token.
  • a "real account identifier" may include an original account identifier associated with a payment account.
  • a real account identifier may be a primary account number (PAN) issued by an issuer for a card account (e.g., credit card, debit card, etc.).
  • PAN primary account number
  • a real account identifier may include a sixteen digit numerical value such as "4147 0900 0000 1234.”
  • the first six digits of the real account identifier (e.g., "414709”), may represent a real issuer identifier (BIN) that may identify an issuer associated with the real account identifier.
  • BIN real issuer identifier
  • Account parameters may refer to information relating to an account that can be used to conduct a transaction on the account. Examples of account parameters may include information that can be used to identify an account of the user (e.g., real account identifier, alternate account identifier, token, etc.), data or information relating to the status of the account, one or more keys that are used to generate cryptographic information, data or information relating to the one or more keys, etc.
  • An account parameter can be semi-static or dynamic.
  • a dynamic account parameter may be an account parameter that has a limited lifespan, and which once expired, can no longer be used to conduct a transaction until the account parameter is replenished, refreshed, or renewed.
  • a dynamic account parameter may be replenished frequently during the lifetime of an account.
  • a semi-static account parameter may be an account parameter that has an extended lifespan that is longer than a dynamic account parameter, and can be replenished less frequently than a dynamic account parameter or not at all during the lifetime of the account.
  • a "key” may refer to a piece of information that is used in a cryptographic algorithm to transform input data into another representation. Examples of keys may include encryption and decryption keys. Keys may also be symmetric or asymmetric.
  • a cryptographic algorithm can be an encryption algorithm that transforms original data into an alternate representation, or a decryption algorithm that transforms encrypted information back to the original data. Examples of cryptographic algorithms may include triple data encryption standard (TDES), data encryption standard (DES), advanced encryption standard (AES), etc.
  • a "cryptogram” may refer to an encrypted representation of some information.
  • a cryptogram can be used by a recipient to determine if the generator of the cryptogram is in possession of a proper key, for example, by encrypting the underlying information with a valid key, and comparing the result to the received cryptogram.
  • a “limited-use threshold” may refer to a condition that limits the usage of a piece of information.
  • a limited-use threshold may be exceeded or exhausted when the underlying condition is met.
  • a limited-use threshold may include a time-to-live that indicates an amount of time for which a piece of information is valid, and once that amount of time has elapsed, the limited-use threshold is exceeded or exhausted, and the piece of information may become invalid and may no longer be used.
  • a limited-use threshold may include a number of times that a piece of information can be used, and once the piece of information has been used for that number of times, the limited-use threshold is exceeded or exhausted, and the piece of information may become invalid and may no longer be used.
  • the transaction systems provides a set of functionalities to manage the deployment and usage of account parameters for transactions conducted using a portable communication device.
  • Account parameters may include a dynamic set of data and/or a semi-dynamic set of data.
  • the dynamic set of data may be limited-use in the sense that the dynamic set of data can be used for only a limited time or a limited number of transactions, and may need to be renewed, refreshed, updated, or replenished when the dynamic set of data has exhausted its limited usage.
  • the dynamic set of data may include a limited-use encryption key (LUK) that is used to generate a transaction cryptogram during a transaction.
  • LLK limited-use encryption key
  • the LUK may be associated with a set of one or more limited-use thresholds that limits the usage of the LUK, where once the usage of the LUK has exhausted or exceeded the set of one or more limited-use thresholds, a further transaction conducted using that LUK will be declined even if the underlying account is still in good standing.
  • the set of one or more limited-use thresholds to enforce can be determined, for example, by an issuer of the account or by a payments platform that provides the transaction service.
  • the LUK can be alternatively or additionally be used to encrypt any suitable data from the portable communication device for secure transmission to a remote server computer.
  • the set of one or more limited-use thresholds may include at least one of a time-to-live indicating the duration of time for which the LUK is valid, a predetermined number of transactions for which the LUK is valid, and/or a cumulative transaction amount indicating the total transaction amount summed across one or more transactions for which the LUK is valid, or any combination thereof.
  • a LUK may be valid for a time-to-live of five days, and a transaction conducted using that LUK after five days have elapsed since the LUK was generated may be declined.
  • a LUK may be valid for a predetermined number of five transactions, and a sixth transaction (and any subsequent transaction) conducted using that LUK may be declined.
  • a LUK may be valid for a cumulative transaction amount of five hundred dollars, and a transaction conducted using the LUK after that LUK has already been used for transactions totaling more than five hundred dollars may be declined.
  • the dynamic set of data may also include a key index that is associated with the LUK.
  • the key index may include information pertaining to the generation of the LUK. For example, the key index may be used as a seed to generate its corresponding LUK.
  • the key index may include time information (e.g., a timestamp) indicating when the LUK is generated, and/or may include a replenishment counter value indicating the number of times that the LUK has been renewed or replenished for a particular account, mobile application, or portable communication device.
  • the replenishment counter value may indicate the number of times the LUK has been replenished within a predetermined time period, and the replenishment counter value may reset when each predetermined time period elapses.
  • This predetermined time period may correspond, for example, to the smallest unit of time determinable from the time information, although other predetermined time periods can be used.
  • the counter value may indicate the number of times the LUK has been replenished in the hour.
  • the LUK may include an application transaction counter value indicating the number of transactions that has been previously conducted by a mobile application of the portable communication device at the time the LUK is generated, or may include a pseudo random number generated by a transaction service provider or by a suitable entity such as an issuer involved in processing the transaction.
  • the key index may include one or more pieces of information pertaining to the generation of the LUK, and that one or more or all pieces of information included in the key index may be used as a seed to generate the LUK.
  • the semi-static set of data may also include limited-use account parameters that have their own set of limited-use thresholds and/or own set of use restrictions.
  • an account identifier such as a PAN can be used and stored on the portable communication device, a PAN may be valid for the lifetime of an account and may be used for a wide range of different types of transactions (e.g., card present transactions, online transactions, etc.).
  • an alternate account identifier e.g., an alternate PAN
  • a token that is a substitute for an account identifier may be used.
  • An account may have one or more alternate account identifiers and/or tokens associated with the account.
  • Each alternate account identifier or token may be restricted to the type of transactions in which the alternate account identifier or token can be used. For example, an account may be associated with a first token that can only be used for online transactions and a second token that can only be used for transactions, and an online transaction conducted using the token will be declined.
  • Other types of use restrictions may include restrictions on what type of merchant or which merchant and/or which geographical location that the alternate account identifier or token can be used.
  • issuers of accounts may configure service portfolio characteristics to define the risk parameters and hence the limited-use thresholds of account parameters for accounts belonging to a particular portfolio.
  • the limited-use thresholds can be used to manage the triggers for refreshing or replenishing account parameters on a provisioned portable communication device.
  • several core functions are implemented in the system to manage the deployment and usage of the account parameters. These functions may include provisioning, active account management, verification for payment, transaction processing, lifecycle management, and post-payment processing.
  • FIG. 1 illustrates a transaction system 100, according to some embodiments.
  • the core components of transaction system 100 may include a token platform 180 to manage transactions conducted using portable communication device 101.
  • Token platform 180 may include a remote computer, and may be implemented using one or more server computers, and can be associated with or be operated by a service provider such as an issuer, payment processor, and/or other suitable entities.
  • Token platform 180 may manage accounts, provide verification functions for transactions, manage lifecycle messages from issuer/host system 172, as well as initiate lifecycle management events.
  • Token platform 180 may also implement a set of key management functions that manages issuer master derivation keys (MDKs) from which the limited-use keys (LUKs) are derived. Token platform 180 may implement a set of provisioning functions that manages the preparation and delivery of account parameters (e.g., alternate account identifier or token, initial LUK and associated key index, etc.) 170 for the initial setup of the mobile application 112 on portable communication device 101. Token platform 180 may also manage the accounts for processing by issuer/host system 172, and may perform active account management functions such as functions to generate account parameters based on requests or the risk profile of the account per token platform 180 risk management parameters. Token platform 180 may also maintain the account status for each account, and manage the replenishment or refreshing of the account parameters.
  • MDKs issuer master derivation keys
  • LUKs limited-use keys
  • token platform 180 may also implement or be provided with access to a token service 182 and/or a token vault 184.
  • Token service 182 can be implemented as a software module or as a server computer, and can be used to generate, process, and maintain tokens, which are substitute identifiers for account identifiers.
  • a token can be used instead to identify the account.
  • a token may have its own set of use restrictions, and token service 182 may manage the deployment and usage of the tokens according to their use restrictions.
  • Token service 182 may be in communication with token vault 184 where the generated tokens are stored.
  • token vault 184 may maintain a mapping between a token and the real account identifier (e.g., PAN) represented by the token.
  • token vault 184 may be queried to retrieve the real account identifier or PAN associated with the token.
  • the token vault 184 may be implemented as a database or database server.
  • portable communication device 101 can be used to conduct transactions facilitated by token platform 180.
  • the components in portable communication device 101 may include device hardware 104, a mobile operating system (OS) 114, and an applications environment 110 in which mobile application 112 may reside.
  • Device hardware 104 may include a contactless interface 108 that can interact with a contactless reader 162 of an access device 160.
  • Examples of contactless interface 108 may include one or more radio frequency (RF) transceivers that can send and receive communications using near-field communications (NFC), or other radio frequency or wireless communication protocols such as Bluetooth, Bluetooth low-energy (BLE), Wi-Fi, iBeacon, etc.
  • RF radio frequency
  • contactless interface 108 may include an optical interface (e.g., a display screen) to present payment information in the form of an image such as a quick response (QR) code, or bar code, etc. to contactless reader 162 of access device 160 when contactless reader 162 includes an optical code scanner or reader.
  • an optical interface e.g., a display screen
  • QR quick response
  • bar code bar code
  • Applications environment 110 of portable communication device 101 may host a mobile application 112 provided by a mobile application provider.
  • mobile application 112 may be a mobile banking application or a separate mobile payment application.
  • the provider is a mobile wallet provider such as a mobile network operator or third-party wallet provider that supports multiple issuers, mobile application 112 may be a mobile wallet application.
  • mobile application 112 may include on-device transaction software 113 (e.g., can be in the form of a software developer kit (SDK)) integrated into mobile application 112 to support transaction functionalities.
  • the on-device transaction software 113 may perform functions to facilitate transactions such as to take the account parameters (e.g., LUK and associated key index), generate transaction cryptograms, and deliver them to mobile operating system (OS) 114 for transmission over contactless interface 108.
  • the on-device transaction software 113 may also manage the initial service profile parameters (e.g., limited-use thresholds) that are provided after an account has been provisioned to ensure that requests for account parameter replenishment and activities are initiated and executed.
  • initial service profile parameters e.g., limited-use thresholds
  • Mobile application 112 may perform functions to manage the risk profile of the account, maintain the account status, and replenish account parameters for each account based on the on-device threshold management parameters.
  • Mobile application 122 may also provide consumer device cardholder verification method (CDCVM) functions for transactions, and perform a set of functions that processes and responds to messages in support of post-payment processing to limit the exposure of account parameters stored on the portable communication device.
  • CDCVM consumer device cardholder verification method
  • post-payment processing may include periodic post-payment verification of payment transactions or using post-payment information to validate account parameters replenishment requests.
  • portable communication device 101 may include a mobile operating system (OS) 114 that implements a set of card emulation application programming interfaces (APIs) 116 such as host card emulation (HCE) APIs to allow mobile application 112 to gain access to contactless interface 108 without requiring the use of a secure element.
  • OS mobile operating system
  • APIs card emulation application programming interfaces
  • HCE host card emulation
  • card emulation APIs 116 may be coded for and be executed from mobile operating system (OS) 114 of portable communication device 101, and may include programming function calls to allow mobile application 112 to receive, process, and respond to transaction communications such as Application Protocol Data Unit (ADPU) commands sent from contactless reader 162.
  • OS mobile operating system
  • ADPU Application Protocol Data Unit
  • portable communication device 101 can conduct transactions by interacting with contactless reader 162 of access device 160 (e.g., at a merchant point-of-sale (POS) location).
  • Contactless reader 162 may include one or more RF transceivers that can send and receive communications using NFC or other radio frequency or wireless communication protocols such as Bluetooth, BLE, Wi-Fi, iBeacon, etc.
  • contactless reader 162 may include an optical code scanner or reader to conduct transactions using QR codes, bar codes, etc.
  • Access device 160 may also include a POS acceptance device 164 and/or electronic cash register 166.
  • a contactless reader 162 and a contactless interface 108 are illustrated in FIG. 1 , it is understood that embodiments of the invention may include contact readers and contact interfaces.
  • a user of portable communication device 101 may place portable communication device 101 in proximity to contactless reader 162 of access device 160, or display an image such as a QR code or bar code on a screen of portable communication device 101 for scanning by contactless reader 162 of access device 160.
  • Portable communication device 101 may provide access device 160 with an identifier (e.g., an alternate PAN, a token, etc.) to identify the account of the user and additional information such as the limited-use account parameters or information derived from the limited-use account parameters (e.g., transaction cryptograms generated from an LUK).
  • an identifier e.g., an alternate PAN, a token, etc.
  • an account identifier or token, and additional information can be transmitted to access device 160 in APDU responses that are responsive to a series of APDU commands received from access device 160.
  • Access device 160 or a merchant computer coupled to access device 160 may then generate an authorization request message including the account identifier or token, and additional information such as a transaction cryptogram and other transaction data.
  • Access device 160 may then forward the authorization request message to a transport computer 174 of an acquirer associated with the merchant.
  • the authorization request message can then be sent by transport computer 174 to processing network 194.
  • Processing network 194 may include data processing subsystems, networks, and operations used to support and deliver authorization services, exception file services, transaction scoring services, and clearing and settlement services.
  • An exemplary payment processing network may include VisaNetTM.
  • Payment processing networks such as VisaNetTM are able to process credit card transactions, debit card transactions, and other types of commercial transactions.
  • VisaNetTM in particular, may include a VIP system (Visa Integrated Payments system) which processes authorization requests and a Base II system which performs clearing and settlement services.
  • processing network 194 may forward the authorization request message received from transport computer 174 to the issuer/host system 172 of the account of the user of portable communication device 101.
  • issuer/host system 172 receives the authorization request message, the authorization request message may be parsed, and the information in the authorization request message may be verified. For example, issuer/host system 172 may verify that the transaction cryptogram was generated by a valid LUK, and that the set of one or more limited-use thresholds associated with the LUK has not been exceeded. In some embodiments, some or all of the information in the authorization request message can also be sent to the token platform 180 for verification and processing.
  • issuer/host system 172 may forward the transaction cryptogram to token platform 180 for verification.
  • the verification of the cryptogram may have taken place before the authorization request message is received by the issuer/host system 172.
  • the issuer/host system 172 decides if the transaction is authorized or not, it generates an authorization response message to indicate if the current transaction is authorized or not.
  • the authorization response message is then sent back to processing network 194 by the issuer/host system 172.
  • Processing network 194 then sends the authorization response message back to the transport computer 174.
  • processing network 194 may decline the transaction even if issuer/host system 172 has authorized the transaction (e.g., if a fraud risk score is too high or if limited-use account parameters are exceeded).
  • Transport computer 174 then sends the authorization response message to the merchant computer and/or access device 160.
  • the authorization response results which may include transaction data for the transaction can be displayed by access device 160, or be printed out on a physical receipt.
  • a clearing process is a process of exchanging financial details between an acquirer and an issuer to facilitate posting to a user's payment account and reconciliation of the user's settlement position.
  • the portable communication device can be used to conduct a contactless transaction, e.g., by placing portable communication device in proximity to a contactless reader of an access device.
  • a contactless transaction conducted using the techniques described herein can be processed as if the transaction is being performed with an integrated chip card (referred to as "integrated chip based transaction"), or as if the transaction is being performed with a magnetic stripe card (referred to as "magnetic stripe based transaction").
  • the contactless transaction times using the card emulation techniques described herein may be similar to those of secure element based implementations. For example, in some embodiments, a contactless transaction using card emulation may take less than 500 milliseconds to complete.
  • FIG. 2 illustrates an example communication flow between a portable communication device 201 and an access device 260 during an integrated chip based transaction.
  • the communication flow may include the exchange of multiple messages between a payment device and an access device using near field communications technology for a single payment transaction.
  • there may be multiple messages e.g., at least six or eight messages that pass between the portable communication device 201 and the access device 260 in a single physical interaction (e.g., a tap) between the devices) through a wireless communication medium using a short range communication protocol or mechanism.
  • the communications can be in the form of ADPU commands and responses. However, it should be understood that other messages, messaging protocols, or formats can be used to exchange information to conduct the transaction.
  • the communications can be carried out between a mobile application running on portable communication device 201 and a contactless reader of access device 260.
  • the access device 260 detects the presence of portable communication device 201 in proximity to a contactless reader of access device 260.
  • the access device 260 may send an available applications request S202 to portable communication device 201 to request information on which payment application(s) (e.g., a list of AID(s)) may be available on the mobile application of portable communication device 201.
  • the available application(s) request S202 may be in the form of a select PPSE command.
  • the available applications request S202 may include a payment environment identifier (e.g., a PPSE name such as "2PAY.SYS.DDF01”) to identify the payment environment supported by access device 260 and the mobile application.
  • the mobile application of portable communication device 201 may identify and process the request by recognizing the payment environment identifier (e.g., PPSE name) included in the request, and respond by sending an available applications response S204 back to access device 260.
  • the available applications response S204 may include a list of available AIDs, and may include the payment environment identifier (e.g., PPSE name) as the dedicated file name.
  • the available applications response S204 may be in the form of a select PPSE response and may include PPSE file control information (FCI).
  • FCI PPSE file control information
  • the available applications response S204 may include a directory entry for each available AID.
  • the mobile application may respond with a single directory entry for the supported AID. If the mobile application supports an account with multiple AIDs, the mobile application may respond with a directory entry for each of the supported AIDs. Each directory entry may include information such as the AID, an application label associated with the AID (e.g., a mnemonic associated with the AID), an application priority indicator indicating the priority of the AID, a kernel identifier indicating the application's kernel preference, and/or additional information relating to the particular AID.
  • the available application(s) response s204 may also include other data such as FCI issuer discretionary data.
  • access device 204 may select a suitable application from the list of applications received in the available applications response S204 (e.g., by selecting an AID from the available AID(s) received in the available application(s) response S204).
  • the selected AID can be the highest priority AID available on the mobile application that is supported by access device 260.
  • Access device 260 may send an application selection S206 with the selected AID to the mobile application of portable communication device 201 to continue the transaction.
  • the application selection 206 can be in the form of a select AID command.
  • the mobile application of portable communication device 201 may send a terminal transaction data request S208 to request transaction data from access device 260 which may be needed to execute the transaction using the selected application/AID.
  • the terminal transaction data request S208 may be in the form of a select AID response and may include AID file control information (FCI) with the selected AID as the dedicated file name.
  • FCI AID file control information
  • the terminal transaction data request S208 may include a list of transaction data identifiers to request the appropriate data from access device 260, and the list of transaction data identifiers can be in the form of a processing options data object list (PDOL).
  • PDOL processing options data object list
  • the transaction data requested by the mobile application for the transaction may include terminal transaction qualifiers (TTQ), authorized amount, other amount, terminal country code, terminal verification results, transaction currency code, transaction data, transaction type, and/or an unpredictable number.
  • TQ terminal transaction qualifiers
  • the terminal transaction data request S208 may also include other data such as FCI issuer discretionary data, application program identifier, and language preference.
  • access device 260 may send, to the mobile application of portable communication device 201, the terminal transaction data S210 requested by the mobile application.
  • the terminal transaction data S210 may be sent in the form of a get processing options (GPO) command, and may include the requested terminal transaction data in a processing options data object list (PDOL).
  • the terminal transaction data S210 e.g., terminal transaction qualifiers (TTQ)
  • TQ terminal transaction qualifiers
  • the terminal transaction data S210 may include a transaction type indicator indicating whether access device 260 supports integrated chip based transactions or magnetic stripe based transactions.
  • access device 260 may send a transaction type indicator in the terminal transaction data S210 to indicate that access device 360 supports integrated chip based transactions.
  • the terminal transaction data S210 may also include a consumer verification method (CVM) requirement indicator to indicate whether a CVM is required by access device 260 for the transaction, and also one or more CVM type indicators indicating the types of CVM supported by access device 260.
  • CVMs that may be supported by access device 260 can include online PIN, signature, and/or consumer device CVM (CDCVM) such as a passcode used on portable communication device 201 to unlock the screen or mobile application.
  • CDCVM consumer device CVM
  • the mobile application of portable communication device 201 may increment its Application Transaction Counter (ATC), generate dynamic transaction processing information using at least some of the received terminal transaction data S210, and send a set of transaction processing information S212 including the generated dynamic transaction processing information to access device 260.
  • ATC Application Transaction Counter
  • the transaction processing information S212 can be sent as a GPO response.
  • the transaction processing information S212 may include application file locators (AFLs) that can be used as file address(es) by access device 260 to read account data stored on portable communication device 201, and an application interchange profile (AIP) that can indicate the capabilities of the mobile application.
  • AFLs application file locators
  • AIP application interchange profile
  • the transaction processing information S212 may include a transaction cryptogram dynamically generated using the LUK, track-2 equivalent data, and addition data such as issuer application data (IAD), form factor indicator (FFI), card transaction qualifiers (CTQ), cryptogram information data (CID), the updated ATC, and/or an application PAN sequence number (PSN).
  • issuer application data IAD
  • the issuer application data may include a length indicator indicating the length of the IAD, cryptogram version number (CVN) indicating the version of the transaction cryptogram, a derived key indicator (DKI) that can be used to identify a master key (e.g. a master key associated with the issuer used in generation of the LUK), card verification results (CVR), a wallet provider ID, and/or derivation data such as the key index that was used in the generation of the LUK.
  • the card verification results may include information about the CVM verifying entity and the CVM verified type for the transaction.
  • the CVM verifying entity is used to indicate which entity is performing the verification of the CVM for the transaction.
  • the verification entity may be the access device (or terminal), a co-residing secure application, a trusted execution environment application, the mobile application itself, a remote server (e.g., the cloud), or the mobile operating system.
  • the CVM verified type is used to indicate the CVM method used for the transaction.
  • the CVM method may be a passcode, biometric (e.g., fingerprint), pattern lock (e.g., for a screen lock), signature, or online PIN.
  • the CVM verifying entity and the CVM verified type can be set according to the configuration parameters of the account. For example, if the account supports CVM using a passcode that is verified by the mobile operating system of portable communication device 201, the CVM verifying entity can be set to the mobile operating system, and the CVM verified type can be set to indicate that the CVM is a passcode.
  • a CDCVM performed indicator can be included in the card transaction qualifiers (CTQ) to indicate whether the CVM verifying entity has successfully verified the user using the CDCVM indicated by the CVM verified type.
  • the CVM verifying entity and the CVM verified type can be set to indicate that no CVM was verified.
  • the form factor indicator may include information about portable communication device 201, such as a form factor indicator version number indicating the version of the form factor indicator, an indicator indicating the device type, and device feature indicators indicating what features are supported by portable communication device 201.
  • the form factor indicator may indicate that portable communication device 201 is a standard card (e.g., ID-1 card type as specified in ISO 7811), a mini-card, a non-card form factor (e.g., key fob, watch, wristband, ring, sticker, etc.), or a mobile phone.
  • the feature indicators may indicate whether portable communication device 201 is capable of using a passcode (can be separate from a PIN that is used during transactions), has a signature panel, has a hologram, has support for card verification values (e.g., CVV2), is capable of two-way messaging to exchange identifying information between the issuer and the user, and/or has support for using credentials (e.g., LUK, token, etc.).
  • a passcode can be separate from a PIN that is used during transactions
  • has a signature panel has a hologram
  • card verification values e.g., CVV2
  • credentials e.g., LUK, token, etc.
  • access device 260 may send an account data request S214 to the mobile application of portable communication device 201 to read additional account data that may be stored on portable communication device 201.
  • the account data request S214 may be in the form of a read record command, and may include an application file locator (AFL) indicating the address or location of the account data that access device 260 is attempting to read.
  • AFL application file locator
  • the AFL included in the account data request S214 may correspond to an AFL in the transaction processing information S212 provided from portable communication device 201.
  • portable communication device 201 may send the account data S216 stored at the location indicated by the AFL to access device 260.
  • the account data S216 may be sent in the form of a read record response.
  • the account data S216 may include, for example, application usage control that indicates the issuer's restrictions on the usage and services allowed for the application, the cardholder's name, customer exclusive data, issuer country code, token requester ID (e.g., if a token is used), and/or other account related data that is accessible at the AFL location.
  • any of the communications (e.g., any of steps S204, S208, 2012, or S216) from the portable communication device 201 may include an indication that the current LUK (an example of a first limited use key) present on the portable communication device is expired or otherwise needs to be replenished.
  • the portable communication device 201 can do this on its own or may do this in response to a query from the access device 260 (e.g., in steps S202, S206, S210, and/or S214).
  • the access device 360, the portable communication device 201, or a remote computer may send a request for a new LUK (an example of a second limited use key) to the token platform 180 via the transport computer 174 and/or the processing network 194.
  • the token platform 180 may then respond with a new LUK which may be sent to the access device 160, 260 via the processing network 194 and/or the transport computer 174.
  • the access device 160, 260 may provide it to the portable communication device 101, 201 in any of the steps shown in FIG. 2 (e.g., in steps S202, S206, S210, and/or S214).
  • the access device 160, 260 may be in short range communication (e.g., via NFC, Bluetooth or Wi-Fi) or in contact with the portable communication device 101, 201 when the new LUK is received by the portable communication device 101, 201 from the access device 160, 260. After the portable communication device 101, 201 has received the new LUK, the portable communication device 101, 201 may then write the new LUK over the prior LUK. The new LUK may then be used to generate cryptograms for subsequent transactions conducted by the portable communication device 101, 201.
  • the access device 260 may query a transaction verification log (described below) in the portable communication device 201 to determine a current status of the LUK on the portable communication device 201.
  • the access device 260 may check the value of a key index (which indicates when the current LUK was generated), a timestamp and/or a transaction counter on the portable communication device 201 and may come to a determination that the LUK is expired or about to expire. LUK expiration parameters may be stored on the access device 260 to make this determination.
  • the access device 260 may send a request to a remote computer (e.g., in the processing network, token platform, or host system) for the new LUK before continuing with the actual payment transaction messaging. After the access device 260 receives the new LUK, it may provide it to the portable communication device 201, and the transaction messaging may begin where it left off, or the entire sequence of messaging may start over. If the access device 260 determines that the LUK is about to expire but can be used for the current transaction, then the access device 260 may include an indicator indicating that a LUK replacement is needed in an authorization request message to the remote computer.
  • a remote computer e.g., in the processing network, token platform, or host system
  • the remote computer may then provide the new LUK in an authorization response message to the access device 260.
  • the access device 260 may not make any determination as to whether or not the current LUK on the portable communication device 201 is expired or is about to expire. In other embodiments, a remote computer may make this determination.
  • the new LUK is provided during an actual payment transaction process.
  • the user may use the portable communication device to interact with an access device to obtain a new LUK for the portable communication device in a transaction that is only intended to update the LUK (and is not a payment transaction).
  • HCE still can use limited use keys to be refreshed at a time defined by the issuer ⁇ commonly a cumulative transaction amount, a number of transactions, a set amount of time ⁇ or a combination of all three. This can be achieved in a number of ways, and it is preferred that the end user experience be non-intrusive or invisible to the user.
  • an issuer may configure account logic to use a fixed transaction count as an LUK guard rail.
  • Terminal or access device firmware can be updated with additional logic to be able to identify the particular portable communication device type (e.g., wearable device type), as well as connectivity to the tokenization system and the ability to perform pre-payment actions.
  • data such as a token cryptogram is presented to the terminal, which knows locally, for that device type, that it is about to meet or exceed its transaction or time limit, or it can pass this information to the issuer as part of an ARQC (authorization request cryptogram) payload.
  • ARQC authority request cryptogram
  • the access device or the POS terminal can communicate with the token service system as a trusted connection and retrieve a new LUK appropriate for that wearable and that token/PAN. The access device or POS terminal can then prompt the user with an appropriate message to tap again to complete the transaction, while updating the LUK via NFC.
  • the access device or the POS terminal passes the token cryptogram in the clear along with other ARQC data.
  • the issuer approves the transaction and sends a new LUK back down to the terminal.
  • the access device or POS terminal displays or provides a successful transaction message to the user, but asks the user to tap their wearable or other portable communication device one additional time against the terminal to complete the updating of the portable communication device.
  • FIG. 3 shows a flow diagram illustrating an embodiment of the invention.
  • a new LUK is requested through an access device prior to the transmission of an authorization request message for the transaction to a host system.
  • FIG. 3 shows a portable communication device 310, an access device 320, a processing network 330, and a host system 340, each in operative communication with each other.
  • entities e.g., the token platform and a transport computer
  • FIG. 3 shows a portable communication device 310, an access device 320, a processing network 330, and a host system 340, each in operative communication with each other.
  • other entities e.g., the token platform and a transport computer
  • step S302 a transaction is initiated between the portable communication device 310 and the access device 320.
  • the portable communication device 310 may be tapped against a reader in the access device 320. In some embodiments, this can start the series of messages that pass between the portable communication device 310 and the access device as shown in FIG. 2 .
  • the access device 320 requests data from the portable communication device 310.
  • the request for data may occur in any of the messages that pass from the access device 260 to the portable communication device 201 in FIG. 2 (e.g., steps S202, S206, S210, S214).
  • the request may be a stand-alone request that is separate from the messages illustrated in FIG. 2 .
  • step S306 the portable communication device 310 transmits an LUK status to the access device 320.
  • the current LUK status may be passed in any of the messages from the portable communication device 310 to the access device 260 in FIG. 2 (e.g., steps S204, S208, S212, S216).
  • the request may be a stand-alone request that is separate from the messages illustrated in FIG. 2 .
  • the access device 320 transmits an LUK update request to the processing network 330 after the access device 320 (and/or the portable communication device 310) determines that the current LUK on the portable communication device 310 is expired or will expire soon.
  • the LUK update request may be in the form of an authorization request message such as an ISO 8583 message, but may contain no amount, zero dollars, or a nominal amount (e.g., $0.03) to indicate that it is not requesting authorization for a transaction, but is requesting a new LUK. It may alternatively including an indicator (e.g., a flag) which indicates that it is requesting an LUK and is not seeking transaction approval.
  • the LUK update request may also include a token that corresponds to the current LUK.
  • the processing network 330 may perform an evaluation to determine if the portable communication device 310 is authorized to receive a new LUK (e.g., by checking the current transaction data to determine if it does or does not suggest fraud, and/or verifying that the current LUK is in fact expired or about to expire).
  • the processing network 330 may also communicate with a token platform (e.g., token platform 180 in FIG. 1 ) and/or an issuer/host system (e.g., host system 172 in FIG. 1 ) to determine if a new LUK can be issued.
  • the processing network 330 may supply the token in the LUK update request to the token platform 180.
  • the real account identifier may be determined using the token.
  • step S310 after the processing network 330 receives the LUK request and determines that a new LUK can be issued, the processing network 330 transmits an LUK response with the new LUK to the access device 320.
  • the processing network 330 may also store information regarding the issuance of the new LUK for later transaction processing.
  • step S312 after the access device 320 receives the LUK response, the access device 320 transmits the new LUK to the portable communication device 310.
  • the access device 320 may request that the user present the portable communication device 310 to the access device 320 to receive the new LUK.
  • the portable communication device 310 may then store the new LUK in favor of the previously stored LUK.
  • the previously stored LUK may be deleted so that it may not be re-used.
  • step S314 after the portable communication device 310 receives the new LUK, the portable communication device 310 can then be used to initiate an authorization process for the current transaction.
  • the access device 320 may prompt the user to place the portable communication device 310 near the access device 320 again.
  • a series of message exchanges between the portable communication device 310 and the access device 320, such as those described above with respect to FIG. 2 may then take place.
  • the portable communication device 310 may generate a cryptogram using the new LUK, and can transmit the cryptogram and the token corresponding to the new LUK to the access device 320.
  • the token may be a static or semi-static token which may have been previously stored on the portable communication device 310.
  • step S316 the access device 320 transmits an authorization request message with the token, the cryptogram, and a transaction amount to the processing network 330
  • the processing network 330 may receive the authorization request, and may then determine a real account identifier associated with the token in the authorization request message. It may do so by communicating with the previously described token platform. Once the real account identifier is received by the processing network 330, it may modify the authorization request message so that it contains the real account identifier.
  • the processing network 330 may also verify that the cryptogram that was generated with the new LUK that was received with the token is valid, and that the particular transaction being conducted is also consistent with the permissions provided by the cryptogram generated by the new LUK.
  • a computer in the processing network 330 may independently generate a cryptogram from an independently generated LUK (using previously stored information) or a stored copy of the current LUK that is present on the portable communication device 310, and may compare the independently generated cryptogram with the cryptogram received in the authorization request message.
  • step S3108 after the processing network 330 determines that the transaction being conducted is valid for the token and the cryptogram, the processing network 330 may transmit the authorization request message with the real account identifier, optionally the cryptogram or validation data associated with the cryptogram, and the transaction amount to the host system 340.
  • the host system 340 may thereafter determine if the transaction should or should not be authorized.
  • the host system 340 could independently verify that the transaction being conducted is consistent with the cryptogram. In such embodiments, the host system 340 may have received the information needed to verify the cryptogram from the processing network 330.
  • the host system 340 may also perform its own transaction security checks (e.g., fraud checks) and may determine if the user has sufficient credit or funds to fund the transaction. After the host system 340 has made this determination, the host system 340 may then generate an authorization response message.
  • step S320 the host system 440 may then transmit the authorization response message back to the processing network 322.
  • the processing network 330 may retrieve the token associated with the real account identifier from the token platform, and may generate a modified authorization response message with the token.
  • step S322 after the modified authorization response message is generated, the processing network 430 may transmit the modified authorization response message to the access device 420.
  • a clearing and settlement process can take place between the processing network S430, a transport computer (not shown), and the host system 440.
  • FIG. 4 shows another embodiment of the invention.
  • FIG. 4 shows the portable communication device 410 obtaining a new LUK from a processing network during an authorization process.
  • FIG. 4 shows a portable communication device 310, an access device 320, a processing network 330, and a host system 340, each in operative communication with each other.
  • the process shown in FIG. 4 is efficient, as it involves a reduced number of steps compared to the embodiment in FIG. 3 .
  • other entities e.g., the token platform and a transport computer
  • such entities may optionally be present in the flow as described above with respect to FIG. 1 .
  • step S402 a transaction is initiated by the portable communication device 410 and the access device 420.
  • the portable communication device 310 may be tapped against a reader (or otherwise interact with the reader) in the access device 320. In some embodiments, this can start the series of messages that pass between the portable communication device 310 and the access device as shown in FIG. 2 .
  • the access device 420 requests data from the portable communication device 410.
  • the request for data may occur in any of the messages that pass from the access device 260 to the portable communication device 201 in FIG. 2 (e.g., steps S202, S206, S210, S214).
  • the request may be a stand-alone request that is separate from the messages illustrated in FIG. 2 .
  • step S406 a series of message exchanges between the portable communication device 310 and the access device 320, such as those described above with respect to FIG. 2 may then take place.
  • the portable communication device 410 may generate a cryptogram using the first LUK, and can transmit the cryptogram and the token corresponding to the new LUK, as well as the LUK status of the current LUK on the portable communication device 410 to the access device 420.
  • the token may be a static or semi-static token which may have been previously stored on the portable communication device 410.
  • the access device 420 or the portable communication device 410 may have determined that the current LUK on the portable communication device 410 may expire soon or with the current transaction.
  • the access device 420 may obtain an indicator to this effect, or may generate its own indicator and may include it in an authorization request message.
  • the authorization request message may also include the token, the cryptogram generated using the current LUK, as well as a transaction amount.
  • neither the access device 420 nor the portable communication device determines that a new LUK is needed.
  • a remote computer may make this determination on its own and may provide a new LUK in an authorization response message.
  • the access device 420 transmits the authorization request message to the processing network 430
  • the processing network 430 may receive the authorization request, and may then determine a real account identifier associated with the token in the authorization request message. It may do so by communicating with the previously described token platform. Once the real account identifier is received by the processing network 430, it may modify the authorization request message so that it contains the real account identifier.
  • the processing network 430 may also store the indicator that a new LUK is needed for the portable communication device 410.
  • the processing network 430 may also verify that the cryptogram that was generated with the current LUK that was received with the token is valid, and that the particular transaction being conducted is also consistent with the permissions provided by the cryptogram generated by the current LUK.
  • a computer in the processing network 330 may independently generate a cryptogram from an independently generated LUK (using previously stored information) or a stored copy of the current LUK that is present on the portable communication device 310. The computer in the processing network 330 may also compare the independently generated cryptogram with the cryptogram received in the authorization request message to verify the received cryptogram.
  • the processing network 430 may transmit the authorization request message with the real account identifier, optionally the cryptogram, and the transaction amount to the host system 440.
  • the host system 440 may thereafter determine if the transaction should or should not be authorized.
  • the host system 440 could independently verify that the transaction being conducted is consistent with the cryptogram.
  • the host system 440 may also perform its own transaction security checks (e.g., fraud checks) and may determine if the user has sufficient credit or funds to fund the transaction. After the host system 440 has made this determination, the host system 440 may then generate an authorization response message.
  • the host system 440 may then transmit the authorization response message back to the processing network 322.
  • the authorization response message may include the real account identifier and data indicating an approval or denial of the transaction. If the access device 420 or the portable communication device 410 determined that a new LUK was needed by the portable communication device 410, then the authorization response message may also include the indicator to generate a new LUK if the processing network 322 did not previously store it.
  • step S414 after the processing network 330 receives the authorization response message, the processing network 330 may retrieve the token associated with the real account identifier, and may generate a modified authorization response message.
  • the processing network 330 may also determine a new LUK and may modify the authorization response message to include the token and the new LUK.
  • the processing network 330 may communicate with the token platform to verify that a new LUK can be issued to the portable communication device 410 and to obtain the token from the real account identifier.
  • the processing network 330 may determine that a new LUK is needed by acknowledging the indicator to provide a new LUK in the authorization request or response messages.
  • the processing network 330 may determine that a new LUK is needed on its own in some embodiments. For example, a computer in the processing network 330 may retrieve a key index indicating when the current LUK was generated from a data storage in the processing network 330, or from the authorization request message if it was transmitted from the portable communication device 410 to the access device 420 in step S406. It may also compare this data to other variable data such as current counters or timestamps to determine if a new LUK is to be issued. For example, if a key index indicates that the current LUK was generated at 12:00 p.m. on January 1, 2017, the current transaction time and date is 11:50 a.m.
  • the processing network 430 may automatically determine that a new LUK can be issued, and can automatically generate the new LUK for the portable communication device 410.
  • the key index includes a counter value of zero at the time that the current LUK is generated
  • the current value of a transaction counter is four (e.g., as received in an authorization request message or as retrieved from a data storage in the processing network 430)
  • the threshold for the issuance of a new LUK is five
  • the processing network 430 may automatically determine that a new LUK can be issued, and can automatically generate the new LUK for the portable communication device 410.
  • step S416 the processing network 430 may transmit the modified authorization response message including the token and the new LUK to the access device 420.
  • step S4108 after the access device 420 receives the authorization response message, the access device 420 may transmit the new LUK to the portable communication device 410. If the portable communication device 410 is no longer in communication with the access device 420, the access device 420 may request that the user present the portable communication device 410 to the access device 420 once more to update the portable communication device 410.
  • a clearing and settlement process can take place between the processing network S430, a transport computer (not shown), and the host system 440.
  • the mobile application may update a transaction verification log maintained by the mobile application at the end of a transaction to include information about the transaction in the transaction verification log.
  • the mobile application may recognize the end of a transaction by recognizing that all transaction processing information and/or account data that may be needed by the access device to complete the transaction has been provided to the access device (e.g., recognizing that the last record defined in the AFL has been returned successfully or if no AFL, when the GPO response has been returned successfully).
  • FIG. 5 illustrates examples of data elements that can be included in a transaction verification log, according to some embodiments.
  • the mobile application may maintain a transaction verification log per LUK or per set of account parameters.
  • the portable communication device may maintain a number of transaction verification logs for several LUKs or sets of account parameters, or optionally, once the current LUK or account parameters have been renewed or replenished, the transaction verification log corresponding to the previous LUK or account parameters can be deleted to save memory space.
  • the transaction verification log information could be used by any suitable entity (e.g., an access device, processing network, or portable communication device) to determine if a new LUK can be issued.
  • the transaction verification log may be associated with and/or may include the key index corresponding to the LUK or set of account parameters used in the logged transactions, and a sequence counter value associated with the key index or set of account parameters indicating the number of times the LUK or set of account parameters have been replenished.
  • the transaction verification log may include a transaction timestamp indicating the time of the corresponding transaction, an unpredictable number (UN) provided from the access device during the transaction (if available), an application transaction counter (ATC) value associated with the corresponding transaction (e.g., a value indicating the number of transactions that has been conducted using the mobile application at the time of the transaction), and a transaction type indicator indicating whether the corresponding transaction was conducted as an integrated chip based transaction or a magnetic stripe based transaction.
  • the transaction timestamp may be the UTC time as determined by the portable communication device at the time of the transaction.
  • FIG. 6 illustrates a block diagram of an example of a process 600 for generating a transaction cryptogram, according to some embodiments.
  • Any one of the encryption functions 606, 612, and/or 618 can be the same or be different than any of the other encryption functions.
  • any one of the encryption functions may be implemented as triple data encryption standard (TDES), data encryption standard (DES), advanced encryption standard (AES), or other suitable encryption algorithms.
  • TDES triple data encryption standard
  • DES data encryption standard
  • AES advanced encryption standard
  • Process 600 can be divided into two parts ⁇ the first part relates to the LUK generation (blocks 602 to 614), which may be performed by a processing network, token platform, or host system; and the second part relates to the transaction cryptogram generation (blocks 616-620), which may be performed by a portable communication device.
  • LUK generation blocks 602 to 614
  • transaction cryptogram generation blocks 616-620
  • the first part relating to the LUK generation can be performed once to generate a LUK, and the second part relating to the transaction cryptogram generation can be performed multiple times using the LUK generated from the first part (e.g., by the mobile application) until the LUK has exceeded its set of one or more limited-use thresholds, at which time, the first part relating to the LUK generation can be performed again (e.g., by a token platform, processing network or issuer system) to replenish, renew, or refresh the LUK.
  • Process 600 may begin by encrypting account information 604 with a first encryption key 602 using an encryption function 606 to generate a second encryption key 608.
  • the first encryption key 602 may be a base key that is associated with the issuer of the user's account, and the base key may be associated with a group of accounts.
  • the first encryption key 602 may be associated with a group of accounts within a range for HCE type transaction accounts.
  • the first encryption key 602 may be a master derivation key (MDK) associated with the issuer of the account associated with the account information 604, and the first encryption key 602 can be maintained at the processing network or the host system.
  • MDK master derivation key
  • the account information 604 may include account identifying information such as an account identifier (e.g., a PAN), an alternate account identifier (e.g., an alternate PAN), or a token that is a substitute for an account identifier, and may additionally include user identifying information such as a sequence number (e.g., a PAN sequence number (PSN)) that identifies the particular user of the account (e.g., when multiple users use the same account).
  • a sequence number e.g., a PAN sequence number (PSN)
  • the account information 604 that is used as the input to encryption function 606 can be a concatenation of the account identifying information and the user identifying information, or an inverted version of the concatenation.
  • the second encryption key 608 being generated from the account information 604 may include multiple portions that are each generated from different variations of the account information 604. For example, the second encryption key 608 may be divided into two portions. The first portion of the second encryption key 608 may be generated by encrypting the account information 604 using the first encryption key 602. The second portion of the second encryption key 608 may be generated by inverting the account information 604 and encrypting the inverted account information using the first encryption key 602.
  • the encryption function 606 used to generate the second encryption key 608 may be, for example, triple data encryption standard (TDES), and may use an initial chaining vector of binary zeros.
  • TDES triple data encryption standard
  • the second encryption key 608 generated from the account information 604 may correspond to a unique derivation key (UDK) for the account.
  • UDK unique derivation key
  • Process 600 may continue by encrypting key index information 610 with the second encryption key 608 using an encryption function 612 to generate the limited-use key (LUK) 614.
  • the key index information 610 may be derived from a key index that includes information pertaining to the generation of the LUK 614, and that may be used as a seed to generate LUK 614.
  • the key index may include time information indicating when the LUK 614 is being generated.
  • the key index may also include a replenishment counter value indicating the number of times that the LUK 614 has been renewed or replenished in a predetermined time period (e.g., number of times LUK 614 has been generated in each hour).
  • the replenishment counter value can be represented as the numeric string 'CC' (00-99). At the beginning of each hour, 'CC' starts at 00 and is incremented by 1 each time LUK 614 is generated.
  • the key index may include an ATC value, or a pseudo random number generated by the processing network or the issuer.
  • the key index information 610 that is provided as input to the encryption function 612 may be generated by padding the key index with numeric values.
  • the key index can be padded with a numeric value (e.g., 1 or 2 shown as 'm' or 'n' in FIG. 6 ) at the beginning of the key index and/or a numeric value (e.g., 80000000 shown as 'xxxxxxxx' in FIG. 6 ) at the end of the key index.
  • the LUK 614 being generated from the key index information 610 may include multiple portions that are each generated from different variations of the key index information 610. For example, the LUK 614 may be divided into two portions.
  • the first portion of LUK 614 may be generated by padding the key index with a first value to generate a first padded key index (e.g., 1YHHHHCC80000000), and encrypting the first padded key index using the second encryption key 608.
  • the second portion of LUK 614 may be generated by padding the key index with a second value to generate a second padded key index (e.g., 2YHHHHCC80000000), and encrypting the second padded key index using the second encryption key 608.
  • the encryption function 612 used to generate the LUK 614 may be, for example, TDES or other suitable encryption algorithms, and may use an initial chaining vector of binary zeros.
  • the LUK 614 and the key index that includes information pertaining to the generation of LUK 614 may be provided to a portable communication device to facilitate generation of transaction cryptograms.
  • the LUK may be associated with a set of one or more limited-use thresholds that limit the number of transactions that can be conducted using the LUK 614, such as those described herein.
  • the data relating to the specific thresholds for an LUK may be stored remotely at a processing network, token platform, or host system.
  • the transaction cryptogram 620 may be generated by encrypting dynamic transaction data 616 using the LUK 614 as an encryption key in encryption function 618.
  • the dynamic transaction data 616 may include, for example, some or all of the terminal transaction data provided from the access device to the mobile application of the portable communication device during execution of the transaction.
  • the dynamic transaction data 616 may include the following data elements: authorized amount, other amount, terminal country code, terminal verification results, transaction currency code, transaction date, transaction type, and unpredictable number; and/or may include the application interchange profile (AIP), application transaction counter (ATC), and issuer application data (IAD).
  • AIP application interchange profile
  • ATC application transaction counter
  • IAD issuer application data
  • some data elements may be omitted, and/or additional data elements not specifically described can be included.
  • the data set that makes up the dynamic transaction data 616 is provided as input to the encryption function 818.
  • the transaction cryptogram 620 can be generated by enciphering the dynamic transaction data 616 using a first portion of the LUK 614, deciphering the enciphered dynamic transaction data using a second portion of the LUK 614, and then re-enciphering the deciphered dynamic transaction data using the first portion of the LUK 614.
  • FIG. 7 illustrates a block diagram of an example of encryption function 700, according to some embodiments.
  • encryption function 700 can be used as encryption function 618.
  • the data set that makes up the dynamic transaction data 616 may be concatenated together (e.g., in the order described above), and then divided into a set of data blocks D 1 to D N of equal length (e.g., 8-byte data blocks). If the dynamic transaction data 616 does not divide equally into the length of the data blocks, the missing least significant bits in the last data block D N can be zero filled.
  • the first key KA may correspond to a first portion of the LUK 614 (e.g., most significant 8 bytes), and the second key KB may correspond to a second portion of the LUK 614 (e.g., least significant 8 bytes)
  • An iterative enciphering process may be applied to the set of data blocks D 1 to D N .
  • the iterative enciphering process may include encrypting a first data block D 1 using key KA as the encryption key in a data encryption algorithm (DEA(e)).
  • DEA(e) data encryption algorithm
  • the result of the encryption is then exclusive-ORed with the next data block D 2 .
  • the result of the exclusive-OR operation is then used as the input for the next iteration of the enciphering process.
  • the enciphering process continues until all data blocks D 1 to D N has been processed, and the output I N of the last exclusive-OR operation with the last data block D N is encrypted to form the output of the iterative enciphering process O N .
  • the output of the of the iterative enciphering process O N may then be deciphered using key KB as the decryption key in data decryption algorithm (DEA(d)).
  • the output of the deciphering process O N+1 is then re-enciphered using key KA as the encryption key in a data encryption algorithm (DEA(e)) to generate the output O N+2 .
  • the output O N+2 can be used as the transaction cryptogram 620.
  • FIG. 8 shows a block diagram of an access device 800 according to an embodiment of the invention.
  • the access device 800 includes a processor 802.
  • a network interface 804 an output device 806 (e.g., a display screen, speaker, etc.), a reader 810 (e.g., a contactless or contact-based device reader), an input device 812 (e.g., a keyboard, touchsreen, etc.), and a non-transitory computer readable medium 814 may be operatively coupled to the access device 800.
  • an output device 806 e.g., a display screen, speaker, etc.
  • a reader 810 e.g., a contactless or contact-based device reader
  • an input device 812 e.g., a keyboard, touchsreen, etc.
  • a non-transitory computer readable medium 814 may be operatively coupled to the access device 800.
  • the non-transitory computer readable medium 814 may comprise a request generation module 814A and an LUK update determination module 814B.
  • the request generation module 814A may comprise code executable by the processor 802 to generate and transmit authorization request messages and/or LUK request message as described above.
  • the LUK update determination module 814B may comprise code, which may be executable by the processor 802 to determine if an LUK on a portable communication device is to be updated or not. In some embodiments, it may comprise code for determining based upon data in a transaction verification log, and/or the current LUK residing in the portable communication device is expired or is about to expire in the near future or in the next transactions conducted with the portable communication device.
  • FIG. 9 illustrates a detailed block diagram of a portable communication device 901, according to some embodiments.
  • Portable communication device 901 may include device hardware 904 and memory 902.
  • Device hardware 904 may include a processor 905, a communications subsystem 909, a user interface 906, a display 907 (which may be part of user interface 906), and a contactless interface 908.
  • Processor 905 can be implemented as one or more integrated circuits (e.g., one or more single core or multicore microprocessors and/or microcontrollers), and is used to control the operation of portable communication device 901.
  • Processor 905 can execute a variety of programs in response to program code or computer-readable code stored in memory 902, and can maintain multiple concurrently executing programs or processes.
  • Communications subsystem 909 may include one or more RF transceivers and/or connectors that can be used by portable communication device 901 to connect with external networks (e.g., communication network 192) and communicate with other devices.
  • User interface 906 can include any combination of input and output elements to allow a user to interact with and invoke the functionalities of portable communication device 901.
  • display 907 may be part of user interface 906.
  • Contactless interface 908 may include one or more RF transceivers to interact with a contactless reader of an access device. In secure element based implementations, only the secure element may have access to contactless interface 908. In the cloud-based payments techniques described herein, contactless interface 908 can be accessed by the mobile OS 914 without requiring the user of a secure element. In some embodiments, display 907 can also be part of contactless interface 908, and is used, for example, to perform transactions using QR codes, bar codes, etc.
  • Memory 902 can be implemented using any combination of any number of non-volatile memories (e.g., flash memory) and volatile memories (e.g., DRAM, SRAM), or any other non-transitory storage medium, or a combination thereof media.
  • Memory 202 may store a mobile OS 914 and a mobile application environment 910 where one or more mobile applications reside including mobile application 912 (e.g., a mobile wallet application, mobile payment application, etc.) to be executed by processor 905.
  • Mobile OS 914 may implement a set of card emulation APIs 916 that can be invoked by mobile application 912 to access contactless interface 208 to interact with an access device.
  • Mobile application 912 may include payments logic 950.
  • Payments logic 950 may include contactless payment logic 958, proximity payment system environment (PPSE) logic 956, transaction verification log 954, and account parameters thresholds 952 (e.g., set of one or more limited-use thresholds associated with LUK 942).
  • Contactless payment logic 958 may include functionalities that enable contactless communications to carried out to conduct a contactless transaction with a contactless reader of an access device.
  • PPSE logic 956 is used to inform the access device which payment product is available on mobile application 912.
  • Transaction verification log 954 can be used for post-payment support or to determine if a new LUK can be issued to the portable communication device 901.
  • Mobile application 912 may maintain transaction verification log 954 (can be hidden from the consumer) retaining transaction details for transactions initiated from mobile application 912.
  • Mobile application 912 may also use the transaction verification log 954 to support active account management processes and post payment interactions.
  • Account parameters thresholds 952 e.g., limited-user thresholds
  • Mobile application 912 may also include account parameter storage 940 and mobile application platform (MAP) communications logic 946.
  • Account parameter storage 940 stores the account parameters (e.g., account identifier or alternate account identifier or token, LUK 942, key index 944, etc.) that are used to initiate a payment transaction.
  • MAP communications logic 946 is used to enable secure communications with a mobile application platform (MAP) in order to request, send, and receive information to manage a user's cloud-based payment accounts. This may include logic to consume and process information for account management logic 930.
  • Account management logic 930 includes logic to process information for payments services such as enrollment logic 932, provisioning logic 933, active account management logic 936, lifecycle management logic 934, and post payment interactions logic 938.
  • Enrollment logic 932 includes logic for a consumer to initiate the enrollment of an account to the payment service.
  • Provisioning logic 933 includes logic to process the issuer data to configure the account into mobile application 912, including the provisioning of the initial account parameters.
  • Active account management logic 936 can be used to initiate a request with MAP to update the account parameters when account parameter thresholds have been exceeded.
  • Lifecycle management logic 934 may include logic to initiate and process account lifecycle events such as consumer initiated delete, issuer-initiated delete, issuer-initiated suspend, and/or issuer-initiated resume, etc.
  • Post payment interactions logic 938 is used to support payment verification.
  • Post payment interactions logic 938 may include logic to receive and respond to requests from MAP for transaction verification log 954.
  • Post payment interactions logic 238 can be used to support account parameters replenishment, and may include logic to extract information from transaction verification log 954 to send to MAP as part of an account parameter replenishment request.
  • Mobile application 912 may also include mobile application features 920.
  • Mobile application features 920 may include consumer verification methods (CVM) logic 924, payment modes 922, and user settings 926.
  • CVM logic 924 may include logic to confirm a mobile application passcode or on-device verification method (e.g., screen lock), or other verification information method supported by mobile application 912.
  • Payment modes 922 may include logic to support various ways of setting up mobile application 912 and portable communication device 901 to be ready to initiate a transaction, and may include support for Manual Mode and/or Always-On Mode.
  • Manual Mode is a state where mobile application 912 is configured to be accessible for making a payment after the consumer has explicitly chosen to (1) open mobile application 912, (2) entered user input for a consumer verification method if required, and (3) selected an account to make a contactless payment transaction and for a single transaction or limited time.
  • a decision can be made whether a consumer device cardholder verification method (CDCVM) will be required prior to making payment. If a CDCVM is used, then the two-tap scenario for high-value transactions may not be necessary. Conversely, to reduce barriers to use, if an issuer decides to opt for not asking for a CDCVM in Manual Mode, then the consumer will be able to conduct transactions once the conditions for Manual Mode operation are met. In this latter scenario, mobile application 912 may support entry of CDCVM if a CDCVM is requested during a high value payment.
  • CDCVM consumer device cardholder verification method
  • Always-On Mode is a state where an account on portable communication device 901 (a default account) is to be continuously accessible to a contactless reader.
  • a portable communication device with an account set in this state allows a consumer to initiate a contactless payment transaction by the presentation of the portable communication device to a contactless reader.
  • embodiments of the invention can be used in other environments that do not require payments.
  • embodiments of the invention may be used to access locations such as buildings, access data from remote servers, etc.
  • Embodiments of the invention have a number of advantages. For example, by allowing a limited use encryption key in a portable communication device to be updated via an access device such as a POS terminal, the portable communication device need not be in long range over-the-air communication with a remote provisioning server computer. Further, the portable communication device need not even have the ability to communicate with the remote provisioning server computer via a long range over-the-air communication mechanism. Still further, embodiments of the invention can advantageously reduce the number of communications and interactions compared to conventional provisioning processes. As noted above, in some embodiments, a limited use encryption key can be updated during a transaction authorization process. A separate provisioning message set is not required in some embodiments of the invention.
  • any of the software components or functions described herein may be implemented as software code to be executed by a processor using any suitable computer language such as, for example, Java, C++ or Perl using, e.g., conventional or object-oriented techniques.
  • the software code may be stored as a series of instructions, or commands on a computer readable medium, such as a random access memory (RAM), a read only memory (ROM), a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a CD-ROM.
  • RAM random access memory
  • ROM read only memory
  • magnetic medium such as a hard-drive or a floppy disk
  • optical medium such as a CD-ROM.
  • Any such computer readable medium may reside on or within a single computational apparatus, and may be present on or within different computational apparatuses in a system or network.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Telephonic Communication Services (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Materials For Medical Uses (AREA)
  • Medicinal Preparation (AREA)
  • Cash Registers Or Receiving Machines (AREA)

Claims (11)

  1. Procédé comprenant :
    l'initiation (S402) d'une communication entre un dispositif de communication portable et un terminal de point de vente, le dispositif de communication portable comprenant un jeton et une première clé à utilisation limitée, dans lequel le dispositif de communication portable ne peut pas recevoir de communications sur des réseaux cellulaires;
    la réception (S418), par le dispositif de communication portable, à partir d'un serveur distant d'un réseau de traitement de paiement via le terminal de point de vente, d'une deuxième clé à utilisation limitée, dans lequel le dispositif de communication portable est en communication à courte portée ou en contact avec le terminal de point de vente ; et
    le remplacement, par le dispositif de communication portable, de la première clé à utilisation limitée avec la deuxième clé à utilisation limitée ;
    dans lequel la deuxième clé à utilisation limitée est reçue par le dispositif de communication portable à partir du terminal de point de vente après qu'un message de réponse d'autorisation soit reçu par le terminal de point de vente à partir du serveur distant, dans lequel le message de réponse d'autorisation est une réponse de message électronique à un message de demande d'autorisation et comprend la deuxième clé à utilisation limitée, et dans lequel le message de demande d'autorisation est un message électronique généré et transmis par le terminal de point de vente au serveur distant pour demander une autorisation pour une transaction ;
    le cryptage, à l'aide de la deuxième clé à utilisation limitée et par le dispositif de communication portable, de données de transaction pour une transaction ultérieure pour former un cryptogramme ; et
    la transmission, par le dispositif de communication portable, du jeton et du cryptogramme au terminal de point de vente pour effectuer la transaction ultérieure.
  2. Procédé selon la revendication 1, dans lequel le dispositif de communication portable est sous la forme d'un dispositif portable.
  3. Procédé selon l'une quelconque des revendications précédentes, dans lequel le dispositif de communication portable n'a pas d'élément sécurisé.
  4. Procédé selon l'une quelconque des revendications précédentes, dans lequel la deuxième clé à utilisation limitée est reçue dans un message à partir du terminal de point de vente, le message étant l'un parmi de multiples messages passant entre le dispositif de communication portable et le terminal de point de vente dans une interaction physique unique entre le dispositif de communication portable et le terminal de point de vente.
  5. Dispositif de communication portable (410) comprenant :
    un processeur ; et
    un support lisible par ordinateur, le support lisible par ordinateur comprenant un code, exécutable par le processeur pour mettre en œuvre un procédé selon l'une quelconque des revendications précédentes.
  6. Procédé comprenant :
    la communication, par un terminal de point de vente, avec un dispositif de communication portable, le dispositif de communication portable comprenant un jeton et une première clé à utilisation limitée, dans lequel le dispositif de communication portable ne peut pas recevoir de communications sur des réseaux cellulaires ;
    la réception (S416), par le terminal de point de vente, d'une deuxième clé à utilisation limitée à partir d'un ordinateur serveur distant d'un réseau de traitement de paiement ; et
    la fourniture (S418), par le terminal de point de vente, au dispositif de communication portable, de la deuxième clé à utilisation limitée, dans lequel le dispositif de communication portable est en communication à courte portée ou en contact avec le terminal de point de vente,
    dans lequel la deuxième clé à utilisation limitée est reçue par le dispositif de communication portable après qu'un message de réponse d'autorisation soit reçu par le terminal de point de vente à partir de l'ordinateur serveur distant, dans lequel le message de réponse d'autorisation est une réponse de message électronique à un message de demande d'autorisation et comprend la deuxième clé à utilisation limitée, et dans lequel le message de demande d'autorisation est un message électronique généré et transmis par le terminal de point de vente à l'ordinateur serveur distant pour demander une autorisation pour une transaction ; et
    la réception (S406), par le terminal de point de vente, d'un cryptogramme et du jeton à partir du dispositif de communication portable pour effectuer une transaction ultérieure, dans lequel le cryptogramme est créé par le dispositif de communication portable à l'aide de la deuxième clé à utilisation limitée.
  7. Procédé selon la revendication 6, dans lequel le terminal de point de vente comprend un lecteur sans contact, et dans lequel le dispositif de communication portable est capable de communication avec le lecteur sans contact à travers un support de communication sans fil.
  8. Procédé selon la revendication 6 ou 7, dans lequel l'ordinateur serveur distant est un ordinateur d'entité d'autorisation.
  9. Procédé selon l'une quelconque des revendications 1 à 4 et 6 à 8, dans lequel le jeton est un substitut pour un numéro de compte de paiement.
  10. Procédé selon l'une quelconque des revendications 1 à 4 et 6 à 9, dans lequel le message de demande d'autorisation comprend un indicateur pour indiquer que la deuxième clé à utilisation limitée est demandée.
  11. Terminal de point de vente (420) configuré pour exécuter le procédé selon l'une quelconque des revendications 6 à 10.
EP17828213.3A 2016-07-11 2017-07-07 Procédé d'échange de clés de chiffrement utilisant un dispositif d'accès Active EP3482337B1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP21192249.7A EP3929788A1 (fr) 2016-07-11 2017-07-07 Processus d'échange de clés de cryptage à l'aide d'un dispositif d'accès

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201662360768P 2016-07-11 2016-07-11
PCT/US2017/041220 WO2018013431A2 (fr) 2016-07-11 2017-07-07 Procédé d'échange de clés de chiffrement utilisant un dispositif d'accès

Related Child Applications (2)

Application Number Title Priority Date Filing Date
EP21192249.7A Division EP3929788A1 (fr) 2016-07-11 2017-07-07 Processus d'échange de clés de cryptage à l'aide d'un dispositif d'accès
EP21192249.7A Division-Into EP3929788A1 (fr) 2016-07-11 2017-07-07 Processus d'échange de clés de cryptage à l'aide d'un dispositif d'accès

Publications (3)

Publication Number Publication Date
EP3482337A2 EP3482337A2 (fr) 2019-05-15
EP3482337A4 EP3482337A4 (fr) 2019-05-15
EP3482337B1 true EP3482337B1 (fr) 2021-09-29

Family

ID=60952174

Family Applications (2)

Application Number Title Priority Date Filing Date
EP21192249.7A Pending EP3929788A1 (fr) 2016-07-11 2017-07-07 Processus d'échange de clés de cryptage à l'aide d'un dispositif d'accès
EP17828213.3A Active EP3482337B1 (fr) 2016-07-11 2017-07-07 Procédé d'échange de clés de chiffrement utilisant un dispositif d'accès

Family Applications Before (1)

Application Number Title Priority Date Filing Date
EP21192249.7A Pending EP3929788A1 (fr) 2016-07-11 2017-07-07 Processus d'échange de clés de cryptage à l'aide d'un dispositif d'accès

Country Status (7)

Country Link
US (2) US11238140B2 (fr)
EP (2) EP3929788A1 (fr)
CN (2) CN109643354B (fr)
AU (1) AU2017295842A1 (fr)
BR (1) BR112018076196A2 (fr)
SG (2) SG11201808998RA (fr)
WO (1) WO2018013431A2 (fr)

Families Citing this family (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10846683B2 (en) 2009-05-15 2020-11-24 Visa International Service Association Integration of verification tokens with mobile communication devices
US9105027B2 (en) 2009-05-15 2015-08-11 Visa International Service Association Verification of portable consumer device for secure services
US10282724B2 (en) 2012-03-06 2019-05-07 Visa International Service Association Security system incorporating mobile device
US11037139B1 (en) 2015-03-19 2021-06-15 Wells Fargo Bank, N.A. Systems and methods for smart card mobile device authentication
US11188919B1 (en) 2015-03-27 2021-11-30 Wells Fargo Bank, N.A. Systems and methods for contactless smart card authentication
CN109074578A (zh) 2016-04-19 2018-12-21 维萨国际服务协会 用于执行推送交易的系统和方法
US11113688B1 (en) 2016-04-22 2021-09-07 Wells Fargo Bank, N.A. Systems and methods for mobile wallet provisioning
AU2017295842A1 (en) 2016-07-11 2018-11-01 Visa International Service Association Encryption key exchange process using access device
US11316830B2 (en) * 2018-05-30 2022-04-26 Accenture Global Solutions Limited Digital content security and communication system using anonymized account classification and analysis
CN112740207A (zh) 2018-08-22 2021-04-30 维萨国际服务协会 用于令牌预配和处理的方法和系统
WO2020076854A2 (fr) 2018-10-08 2020-04-16 Visa International Service Association Techniques pour des transactions de proximité de jeton
EP3654264A1 (fr) 2018-11-14 2020-05-20 Mastercard International Incorporated Gestion de justificatif d'identité pour dispositifs mobiles
CN113196813B (zh) * 2018-12-12 2024-05-24 维萨国际服务协会 从非接触式装置发起的预配
WO2020140261A1 (fr) 2019-01-04 2020-07-09 Baidu.Com Times Technology (Beijing) Co., Ltd. Procédé et système pour protéger des données traitées par des accélérateurs de traitement de données
CN112262546B (zh) * 2019-01-04 2024-04-23 百度时代网络技术(北京)有限公司 用于数据处理加速器的密钥分配和交换的方法和系统
EP3794477B1 (fr) 2019-01-04 2023-05-10 Baidu.com Times Technology (Beijing) Co., Ltd. Procédé et système de validation d'objets noyaux destinés à être exécutés par un accélérateur de traitement de données d'un système hôte
US11409534B2 (en) 2019-01-04 2022-08-09 Baidu Usa Llc Attestation protocol between a host system and a data processing accelerator
EP3811271B1 (fr) * 2019-01-04 2023-02-15 Baidu.com Times Technology (Beijing) Co., Ltd. Accélérateur de traitement de données doté d'une unité d'heure locale permettant de générer des estampilles temporelles
WO2020140269A1 (fr) 2019-01-04 2020-07-09 Baidu.Com Times Technology (Beijing) Co., Ltd. Procédé et système de gestion de mémoire d'accélérateurs de traitement de données
EP3794493A4 (fr) 2019-01-04 2022-01-12 Baidu.com Times Technology (Beijing) Co., Ltd. Procédé d'établissement d'un canal d'échange d'informations sécurisé entre un système hôte et un accélérateur de traitement de données
US11799651B2 (en) 2019-01-04 2023-10-24 Baidu Usa Llc Data processing accelerator having a security unit to provide root trust services
WO2020140268A1 (fr) 2019-01-04 2020-07-09 Baidu.Com Times Technology (Beijing) Co., Ltd. Procédé et système pour fournir des communications sécurisées entre un système hôte et un accélérateur de traitement de données
CN112236972B (zh) 2019-01-04 2023-06-16 百度时代网络技术(北京)有限公司 用于导出会话密钥以确保主机系统和数据处理加速器之间的信息交换信道的方法和系统
CN111464482B (zh) * 2019-01-18 2022-11-08 中兴通讯股份有限公司 认证处理方法、装置、存储介质及电子装置
WO2020187448A1 (fr) 2019-03-20 2020-09-24 Giesecke+Devrient Mobile Security Gmbh Procédé pour effectuer des transactions financières
US11151542B2 (en) * 2019-05-07 2021-10-19 Paypal, Inc. Wearable payment device
US11849042B2 (en) 2019-05-17 2023-12-19 Visa International Service Association Virtual access credential interaction system and method
US11562351B2 (en) * 2019-08-09 2023-01-24 Its, Inc. Interoperable mobile-initiated transactions with dynamic authentication
EP4022837A1 (fr) * 2019-08-27 2022-07-06 Intertrust Technologies Corporation Systèmes et procédés cryptographiques à plusieurs parties
US11928666B1 (en) 2019-09-18 2024-03-12 Wells Fargo Bank, N.A. Systems and methods for passwordless login via a contactless card
US11595403B2 (en) * 2019-12-11 2023-02-28 At&T Intellectual Property I, L.P. Conditional temporary authentication for third party nodes
IT202000001462A1 (it) * 2020-01-24 2021-07-24 St Microelectronics Srl Apparato per azionare una rete neurale, corrispondente procedimento e prodotto informatico
CN111415734A (zh) * 2020-03-20 2020-07-14 四川南格尔生物科技有限公司 一种有源医疗器械的使用期限管理方法
US11423392B1 (en) 2020-12-01 2022-08-23 Wells Fargo Bank, N.A. Systems and methods for information verification using a contactless card
US20230388793A1 (en) * 2022-05-27 2023-11-30 Icashe, Inc. Secure mobile transaction apparatus and method

Family Cites Families (560)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4423287A (en) * 1981-06-26 1983-12-27 Visa U.S.A., Inc. End-to-end encryption system and method of operation
JPS5827701U (ja) 1981-08-18 1983-02-22 株式会社竹内製作所 巻尺
US4933971A (en) 1989-03-14 1990-06-12 Tandem Computers Incorporated Method for encrypting transmitted data using a unique key
US5301231A (en) 1992-02-12 1994-04-05 International Business Machines Corporation User defined function facility
US5280527A (en) 1992-04-14 1994-01-18 Kamahira Safe Co., Inc. Biometric token for authorizing access to a host system
GB9309246D0 (en) 1993-05-05 1993-06-16 Esselte Meto Int Gmbh Rechargeable shelf edge tag
US5613012A (en) 1994-11-28 1997-03-18 Smarttouch, Llc. Tokenless identification system for authorization of electronic transactions and electronic transmissions
US6658568B1 (en) 1995-02-13 2003-12-02 Intertrust Technologies Corporation Trusted infrastructure support system, methods and techniques for secure electronic commerce transaction and rights management
US5892900A (en) 1996-08-30 1999-04-06 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5781438A (en) 1995-12-19 1998-07-14 Pitney Bowes Inc. Token generation process in an open metering system
US6044360A (en) 1996-04-16 2000-03-28 Picciallo; Michael J. Third party credit card
US5930767A (en) 1997-05-28 1999-07-27 Motorola, Inc. Transaction methods systems and devices
US5913203A (en) 1996-10-03 1999-06-15 Jaesent Inc. System and method for pseudo cash transactions
US5953710A (en) 1996-10-09 1999-09-14 Fleming; Stephen S. Children's credit or debit card system
GB9624127D0 (en) 1996-11-20 1997-01-08 British Telecomm Transaction system
US6317832B1 (en) 1997-02-21 2001-11-13 Mondex International Limited Secure multiple application card system and process
US5949044A (en) 1997-06-13 1999-09-07 Walker Asset Management Limited Partnership Method and apparatus for funds and credit line transfers
US7177835B1 (en) 1997-08-28 2007-02-13 Walker Digital, Llc Method and device for generating a single-use financial account number
US6163771A (en) 1997-08-28 2000-12-19 Walker Digital, Llc Method and device for generating a single-use financial account number
US6000832A (en) 1997-09-24 1999-12-14 Microsoft Corporation Electronic online commerce card with customer generated transaction proxy number for online transactions
US5883810A (en) 1997-09-24 1999-03-16 Microsoft Corporation Electronic online commerce card with transactionproxy number for online transactions
US6014635A (en) 1997-12-08 2000-01-11 Shc Direct, Inc. System and method for providing a discount credit transaction network
US6385596B1 (en) 1998-02-06 2002-05-07 Liquid Audio, Inc. Secure online music distribution system
US6980670B1 (en) 1998-02-09 2005-12-27 Indivos Corporation Biometric tokenless electronic rewards system and method
US6636833B1 (en) 1998-03-25 2003-10-21 Obis Patents Ltd. Credit card system and method
US6422462B1 (en) 1998-03-30 2002-07-23 Morris E. Cohen Apparatus and methods for improved credit cards and credit card transactions
DE19820422A1 (de) 1998-05-07 1999-11-11 Giesecke & Devrient Gmbh Verfahren zur Authentisierung einer Chipkarte innerhalb eines Nachrichtenübertragungs-Netzwerks
IL125826A (en) 1998-08-17 2001-05-20 Ur Jonathan Shem Method for preventing unauthorized use of credit cards in remote payments and an optional supplemental-code card for use therein
US8799153B2 (en) 1998-08-31 2014-08-05 Mastercard International Incorporated Systems and methods for appending supplemental payment data to a transaction message
PL343631A1 (en) 1998-09-04 2001-08-27 Impower Electronic commerce with anonymous shopping and anonymous vendor shipping
JP2000115153A (ja) 1998-09-30 2000-04-21 Fujitsu Ltd セキュリティ方法及びセキュリティ装置
US6327578B1 (en) 1998-12-29 2001-12-04 International Business Machines Corporation Four-party credit/debit payment protocol
JP2000322486A (ja) 1999-02-12 2000-11-24 Citibank Na 銀行カード取引きを履行するための方法およびシステム
US7571139B1 (en) 1999-02-19 2009-08-04 Giordano Joseph A System and method for processing financial transactions
US6227447B1 (en) 1999-05-10 2001-05-08 First Usa Bank, Na Cardless payment system
US7194437B1 (en) 1999-05-14 2007-03-20 Amazon.Com, Inc. Computer-based funds transfer system
US6725371B1 (en) 1999-06-30 2004-04-20 Intel Corporation Secure packet processor
US7908216B1 (en) 1999-07-22 2011-03-15 Visa International Service Association Internet payment, authentication and loading system using virtual smart card
WO2001008066A1 (fr) 1999-07-26 2001-02-01 Iprivacy Llc Achat electronique de biens sur un reseau de communication comprenant une livraison physique tout en assurant la securite des informations privees et a caractere personnel
US6748367B1 (en) 1999-09-24 2004-06-08 Joonho John Lee Method and system for effecting financial transactions over a public network without submission of sensitive information
JP3570311B2 (ja) * 1999-10-07 2004-09-29 日本電気株式会社 無線lanの暗号鍵更新システム及びその更新方法
AU1598101A (en) 1999-11-10 2001-06-06 Serge M. Krasnyansky On-line payment system
GB9929364D0 (en) 1999-12-10 2000-02-02 Microbar Security Limited Improvements in or relating to coding techniques
JP2003519420A (ja) 1999-12-17 2003-06-17 チャンタレイ・コーポレイション・リミテッド セキュリティを確保した取り引きシステム
JP4501197B2 (ja) * 2000-01-07 2010-07-14 ソニー株式会社 情報携帯処理システム、情報携帯装置のアクセス装置及び情報携帯装置
EP1473722B1 (fr) 2000-01-14 2010-09-22 Panasonic Corporation Dispositif et méthode d'authentification mutuelle, qui chiffre les informations d'accès à une mémoire confidentielle
US7426750B2 (en) 2000-02-18 2008-09-16 Verimatrix, Inc. Network-based content distribution system
US6453301B1 (en) 2000-02-23 2002-09-17 Sony Corporation Method of using personal device with internal biometric in conducting transactions over a network
AU2001239945A1 (en) 2000-02-29 2001-09-12 E-Scoring, Inc. Systems and methods enabling anonymous credit transactions
US7865414B2 (en) 2000-03-01 2011-01-04 Passgate Corporation Method, system and computer readable medium for web site account and e-commerce management from a central location
TW550477B (en) 2000-03-01 2003-09-01 Passgate Corp Method, system and computer readable medium for Web site account and e-commerce management from a central location
US7627531B2 (en) 2000-03-07 2009-12-01 American Express Travel Related Services Company, Inc. System for facilitating a transaction
WO2001069556A2 (fr) 2000-03-15 2001-09-20 Mastercard International Incorporated Procede et systeme permettant d'effectuer des paiements securises sur un reseau informatique
US6990470B2 (en) 2000-04-11 2006-01-24 Mastercard International Incorporated Method and system for conducting secure payments over a computer network
US20100228668A1 (en) 2000-04-11 2010-09-09 Hogan Edward J Method and System for Conducting a Transaction Using a Proximity Device and an Identifier
US7379919B2 (en) 2000-04-11 2008-05-27 Mastercard International Incorporated Method and system for conducting secure payments over a computer network
US7177848B2 (en) 2000-04-11 2007-02-13 Mastercard International Incorporated Method and system for conducting secure payments over a computer network without a pseudo or proxy account number
US20020049636A1 (en) 2000-04-11 2002-04-25 Griffin Carter H. System and method for generating and transmitting data keys to facilitate delivery, pick-up and other commercial transactions
US20100223186A1 (en) 2000-04-11 2010-09-02 Hogan Edward J Method and System for Conducting Secure Payments
AU2001253502A1 (en) 2000-04-14 2001-10-30 American Express Travel Related Services Company, Inc. A system and method for using loyalty points
CA2305249A1 (fr) 2000-04-14 2001-10-14 Branko Sarcanin Coffre-fort virtuel
US20070129955A1 (en) 2000-04-14 2007-06-07 American Express Travel Related Services Company, Inc. System and method for issuing and using a loyalty point advance
KR101015341B1 (ko) 2000-04-24 2011-02-16 비자 인터내셔날 써비스 어쏘시에이션 온라인 지불인 인증 서비스
US6592044B1 (en) 2000-05-15 2003-07-15 Jacob Y. Wong Anonymous electronic card for generating personal coupons useful in commercial and security transactions
AU2001265107A1 (en) 2000-05-26 2001-12-11 Interchecks, Llc Methods and systems for network based electronic purchasing system
US6891953B1 (en) 2000-06-27 2005-05-10 Microsoft Corporation Method and system for binding enhanced software features to a persona
US6938019B1 (en) 2000-08-29 2005-08-30 Uzo Chijioke Chukwuemeka Method and apparatus for making secure electronic payments
WO2002019225A1 (fr) 2000-09-01 2002-03-07 Infospace, Inc. Procede et systeme facilitant les transferts de fonds en utilisant un indentificateur telephonique
US20020073045A1 (en) 2000-10-23 2002-06-13 Rubin Aviel D. Off-line generation of limited-use credit card numbers
US7996288B1 (en) 2000-11-15 2011-08-09 Iprivacy, Llc Method and system for processing recurrent consumer transactions
US20040236632A1 (en) 2000-12-07 2004-11-25 Maritzen Michael L. System and method for conducing financial transactions using a personal transaction device with vehicle-accessed, payment-gateway terminals
US6931382B2 (en) 2001-01-24 2005-08-16 Cdck Corporation Payment instrument authorization technique
GB2372616A (en) 2001-02-23 2002-08-28 Hewlett Packard Co Transaction method and apparatus using two part tokens
US7292999B2 (en) 2001-03-15 2007-11-06 American Express Travel Related Services Company, Inc. Online card present transaction
US7237117B2 (en) 2001-03-16 2007-06-26 Kenneth P. Weiss Universal secure registry
US7685037B2 (en) 2001-03-26 2010-03-23 3MFuture Ltd. Transaction authorisation system
US20020147913A1 (en) 2001-04-09 2002-10-10 Lun Yip William Wai Tamper-proof mobile commerce system
KR100641824B1 (ko) 2001-04-25 2006-11-06 주식회사 하렉스인포텍 대칭키 보안 알고리즘을 이용한 금융정보 입력방법 및 그이동통신용 상거래 시스템
US7650314B1 (en) 2001-05-25 2010-01-19 American Express Travel Related Services Company, Inc. System and method for securing a recurrent billing transaction
US8060448B2 (en) 2001-05-30 2011-11-15 Jones Thomas C Late binding tokens
JP4363800B2 (ja) 2001-06-11 2009-11-11 ソニー株式会社 電子商取引支援装置,電子商取引支援方法およびコンピュータプログラム
US7805378B2 (en) 2001-07-10 2010-09-28 American Express Travel Related Servicex Company, Inc. System and method for encoding information in magnetic stripe format for use in radio frequency identification transactions
US20060237528A1 (en) 2001-07-10 2006-10-26 Fred Bishop Systems and methods for non-traditional payment
US8737954B2 (en) 2001-08-21 2014-05-27 Bookit Oy Ajanvarauspalvelu Managing recurring payments from mobile terminals
US7444676B1 (en) 2001-08-29 2008-10-28 Nader Asghari-Kamrani Direct authentication and authorization system and method for trusted network of financial institutions
US7103576B2 (en) 2001-09-21 2006-09-05 First Usa Bank, Na System for providing cardless payment
KR100420600B1 (ko) 2001-11-02 2004-03-02 에스케이 텔레콤주식회사 아이알에프엠을 이용한 이엠브이 지불 처리방법
US7085386B2 (en) * 2001-12-07 2006-08-01 Activcard System and method for secure replacement of high level cryptographic keys in a personal security device
US6901387B2 (en) 2001-12-07 2005-05-31 General Electric Capital Financial Electronic purchasing method and apparatus for performing the same
US7805376B2 (en) 2002-06-14 2010-09-28 American Express Travel Related Services Company, Inc. Methods and apparatus for facilitating a transaction
US7051932B2 (en) 2001-12-26 2006-05-30 Vivotech, Inc. Adaptor for magnetic stripe card reader
US7904360B2 (en) 2002-02-04 2011-03-08 Alexander William EVANS System and method for verification, authentication, and notification of a transaction
US7890393B2 (en) 2002-02-07 2011-02-15 Ebay, Inc. Method and system for completing a transaction between a customer and a merchant
US8909557B2 (en) 2002-02-28 2014-12-09 Mastercard International Incorporated Authentication arrangement and method for use with financial transaction
AUPS087602A0 (en) 2002-03-04 2002-03-28 Ong, Yong Kin (Michael) Electronic fund transfer system
US8751391B2 (en) 2002-03-29 2014-06-10 Jpmorgan Chase Bank, N.A. System and process for performing purchase transactions using tokens
US20040210498A1 (en) 2002-03-29 2004-10-21 Bank One, National Association Method and system for performing purchase and other transactions using tokens with multiple chips
GB2387253B (en) 2002-04-03 2004-02-18 Swivel Technologies Ltd System and method for secure credit and debit card transactions
US20030191709A1 (en) 2002-04-03 2003-10-09 Stephen Elston Distributed payment and loyalty processing for retail and vending
US7707120B2 (en) 2002-04-17 2010-04-27 Visa International Service Association Mobile account authentication service
US7979348B2 (en) 2002-04-23 2011-07-12 Clearing House Payments Co Llc Payment identification code and payment system using the same
KR100888471B1 (ko) * 2002-07-05 2009-03-12 삼성전자주식회사 링크 접속권한을 등급화 한 암호화 키 차등분배방법 및이를 이용한 로밍방법
US8412623B2 (en) 2002-07-15 2013-04-02 Citicorp Credit Services, Inc. Method and system for a multi-purpose transactional platform
US7209561B1 (en) 2002-07-19 2007-04-24 Cybersource Corporation System and method for generating encryption seed values
US20040127256A1 (en) 2002-07-30 2004-07-01 Scott Goldthwaite Mobile device equipped with a contactless smart card reader/writer
US7801826B2 (en) 2002-08-08 2010-09-21 Fujitsu Limited Framework and system for purchasing of goods and services
US7353382B2 (en) 2002-08-08 2008-04-01 Fujitsu Limited Security framework and protocol for universal pervasive transactions
US7606560B2 (en) 2002-08-08 2009-10-20 Fujitsu Limited Authentication services using mobile device
US6805287B2 (en) 2002-09-12 2004-10-19 American Express Travel Related Services Company, Inc. System and method for converting a stored value card to a credit card
AU2003296927A1 (en) 2002-11-05 2004-06-07 Todd Silverstein Remote purchasing system and method
EP1570442A2 (fr) 2002-11-27 2005-09-07 RSA Security Inc. Systeme et procede de validation d'identite
GB2396472A (en) 2002-12-18 2004-06-23 Ncr Int Inc System for cash withdrawal
US7827101B2 (en) 2003-01-10 2010-11-02 First Data Corporation Payment system clearing for transactions
TW200412524A (en) 2003-01-15 2004-07-16 Lee Fung Chi A small amount paying/receiving system
US7765281B1 (en) 2003-03-10 2010-07-27 Motive, Inc. Large-scale targeted data distribution system
US8082210B2 (en) 2003-04-29 2011-12-20 The Western Union Company Authentication for online money transfers
WO2005001751A1 (fr) 2003-06-02 2005-01-06 Regents Of The University Of California Systeme pour traiter les signaux biometriques au moyen de l'accelertation materielle et logicielle
CA2528428C (fr) 2003-06-05 2013-01-22 Intertrust Technologies Corporation Systemes et procedes interoperables destines a la gestion d'un service poste-a-poste
GB0318000D0 (en) 2003-07-31 2003-09-03 Ncr Int Inc Mobile applications
US7761374B2 (en) 2003-08-18 2010-07-20 Visa International Service Association Method and system for generating a dynamic verification value
US20050199709A1 (en) 2003-10-10 2005-09-15 James Linlor Secure money transfer between hand-held devices
US7567936B1 (en) 2003-10-14 2009-07-28 Paradox Technical Solutions Llc Method and apparatus for handling pseudo identities
US20050080730A1 (en) 2003-10-14 2005-04-14 First Data Corporation System and method for secure account transactions
US20050108178A1 (en) 2003-11-17 2005-05-19 Richard York Order risk determination
US7543739B2 (en) 2003-12-17 2009-06-09 Qsecure, Inc. Automated payment card fraud detection and location
US7357309B2 (en) 2004-01-16 2008-04-15 Telefonaktiebolaget Lm Ericsson (Publ) EMV transactions in mobile terminals
JP5043442B2 (ja) 2004-01-20 2012-10-10 金 富 黄 ロック付き銀行コンピュータ口座システム
US7882361B2 (en) 2004-02-05 2011-02-01 Oracle America, Inc. Method and system for accepting a pass code
US7681232B2 (en) 2004-03-08 2010-03-16 Cardlab Aps Credit card and a secured data activation system
US7584153B2 (en) 2004-03-15 2009-09-01 Qsecure, Inc. Financial transactions with dynamic card verification values
US7580898B2 (en) 2004-03-15 2009-08-25 Qsecure, Inc. Financial transactions with dynamic personal account numbers
GB0407369D0 (en) 2004-03-31 2004-05-05 British Telecomm Trust tokens
US20140019352A1 (en) 2011-02-22 2014-01-16 Visa International Service Association Multi-purpose virtual card transaction apparatuses, methods and systems
US20050238174A1 (en) * 2004-04-22 2005-10-27 Motorola, Inc. Method and system for secure communications over a public network
US20060041655A1 (en) 2004-05-06 2006-02-23 Marty Holloway Bi-directional remote control for remotely controllable apparatus
US20050269401A1 (en) 2004-06-03 2005-12-08 Tyfone, Inc. System and method for securing financial transactions
WO2005119607A2 (fr) 2004-06-03 2005-12-15 Tyfone, Inc. Systeme et procede pour securiser pour des transactions financieres
US8412837B1 (en) 2004-07-08 2013-04-02 James A. Roskind Data privacy
US7264154B2 (en) 2004-07-12 2007-09-04 Harris David N System and method for securing a credit account
US7287692B1 (en) 2004-07-28 2007-10-30 Cisco Technology, Inc. System and method for securing transactions in a contact center environment
US7506812B2 (en) 2004-09-07 2009-03-24 Semtek Innovative Solutions Corporation Transparently securing data for transmission on financial networks
GB0420409D0 (en) 2004-09-14 2004-10-20 Waterleaf Ltd Online commercial transaction system and method of operation thereof
US7051929B2 (en) 2004-10-18 2006-05-30 Gongling Li Secure credit card having daily changed security number
US8700729B2 (en) 2005-01-21 2014-04-15 Robin Dua Method and apparatus for managing credentials through a wireless network
US7548889B2 (en) 2005-01-24 2009-06-16 Microsoft Corporation Payment information security for multi-merchant purchasing environment for downloadable products
US7581678B2 (en) 2005-02-22 2009-09-01 Tyfone, Inc. Electronic transaction card
KR20070120125A (ko) 2005-04-19 2007-12-21 마이크로소프트 코포레이션 온라인 거래 허가 방법, 시스템 및 장치
US7849020B2 (en) 2005-04-19 2010-12-07 Microsoft Corporation Method and apparatus for network transactions
US20060235795A1 (en) 2005-04-19 2006-10-19 Microsoft Corporation Secure network commercial transactions
US7793851B2 (en) 2005-05-09 2010-09-14 Dynamics Inc. Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card
US20080035738A1 (en) 2005-05-09 2008-02-14 Mullen Jeffrey D Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card
WO2006135779A2 (fr) 2005-06-10 2006-12-21 American Express Travel Related Services Company, Inc. Systeme et procede de paiement de services de transport en commun
US7909246B2 (en) 2005-07-15 2011-03-22 Serve Virtual Enterprises, Inc. System and method for establishment of rules governing child accounts
US8762263B2 (en) 2005-09-06 2014-06-24 Visa U.S.A. Inc. System and method for secured account numbers in proximity devices
US7798394B2 (en) 2005-09-28 2010-09-21 Visa International Service Association Device, system and method for reducing an interaction time for a contactless transaction
EP2024921A4 (fr) 2005-10-06 2010-09-29 C Sam Inc Services de transactions
US8205791B2 (en) 2005-10-11 2012-06-26 National Payment Card Association Payment system and methods
US8352376B2 (en) 2005-10-11 2013-01-08 Amazon Technologies, Inc. System and method for authorization of transactions
US7853995B2 (en) 2005-11-18 2010-12-14 Microsoft Corporation Short-lived certificate authority service
US20070136193A1 (en) 2005-12-13 2007-06-14 Bellsouth Intellectual Property Corporation Methods, transactional cards, and systems using account identifers customized by the account holder
US8290433B2 (en) 2007-11-14 2012-10-16 Blaze Mobile, Inc. Method and system for securing transactions made through a mobile communication device
US8275312B2 (en) 2005-12-31 2012-09-25 Blaze Mobile, Inc. Induction triggered transactions using an external NFC device
US8352323B2 (en) 2007-11-30 2013-01-08 Blaze Mobile, Inc. Conducting an online payment transaction using an NFC enabled mobile communication device
US20070170247A1 (en) 2006-01-20 2007-07-26 Maury Samuel Friedman Payment card authentication system and method
EP1979864A1 (fr) 2006-01-30 2008-10-15 CPNI Inc. Système et procédé d'autorisation d'un transfert de fonds ou d'un paiement au moyen d'un numéro de téléphone
US8234220B2 (en) 2007-02-21 2012-07-31 Weiss Kenneth P Universal secure registry
WO2007145687A1 (fr) 2006-02-21 2007-12-21 Weiss Kenneth P Procédé et appareil pour paiement d'accès sécurisé et identification
EP1999715A4 (fr) 2006-03-02 2014-07-09 Visa Int Service Ass Procede et systeme de realisation d'authentification a deux facteurs dans des transactions de vente par correspondance ou de vente par telephone
US8225385B2 (en) 2006-03-23 2012-07-17 Microsoft Corporation Multiple security token transactions
US9065643B2 (en) 2006-04-05 2015-06-23 Visa U.S.A. Inc. System and method for account identifier obfuscation
US7818264B2 (en) 2006-06-19 2010-10-19 Visa U.S.A. Inc. Track data encryption
US20070245414A1 (en) 2006-04-14 2007-10-18 Microsoft Corporation Proxy Authentication and Indirect Certificate Chaining
WO2007148234A2 (fr) 2006-04-26 2007-12-27 Yosef Shaked Système et procédé pour authentifier l'identité d'un client et effectuer une transaction sécurisée par carte de crédit sans utiliser de numéro de carte de crédit
FR2901079A1 (fr) 2006-05-15 2007-11-16 Gemplus Sa Procede pour securiser une transaction par carte a puce, terminal d'ecriture pour securiser une telle transaction, et carte a puce securisee
US20070291995A1 (en) 2006-06-09 2007-12-20 Rivera Paul G System, Method, and Apparatus for Preventing Identity Fraud Associated With Payment and Identity Cards
US20080015988A1 (en) 2006-06-28 2008-01-17 Gary Brown Proxy card authorization system
US20080126260A1 (en) 2006-07-12 2008-05-29 Cox Mark A Point Of Sale Transaction Device With Magnetic Stripe Emulator And Biometric Authentication
US10019708B2 (en) 2006-08-25 2018-07-10 Amazon Technologies, Inc. Utilizing phrase tokens in transactions
US7469151B2 (en) 2006-09-01 2008-12-23 Vivotech, Inc. Methods, systems and computer program products for over the air (OTA) provisioning of soft cards on devices with wireless communications capabilities
US20080228646A1 (en) 2006-10-04 2008-09-18 Myers James R Method and system for managing a non-changing payment card account number
DE112007002744T5 (de) 2006-11-16 2009-10-08 Net1 Ueps Technologies, Inc. Gesicherte finanzielle Transaktionen
US7848980B2 (en) 2006-12-26 2010-12-07 Visa U.S.A. Inc. Mobile payment system and method using alias
US20090006262A1 (en) 2006-12-30 2009-01-01 Brown Kerry D Financial transaction payment processor
US7841539B2 (en) 2007-02-15 2010-11-30 Alfred Hewton Smart card with random temporary account number generation
US20080201264A1 (en) 2007-02-17 2008-08-21 Brown Kerry D Payment card financial transaction authenticator
GB2442249B (en) 2007-02-20 2008-09-10 Cryptomathic As Authentication device and method
US20080243702A1 (en) 2007-03-30 2008-10-02 Ricoh Company, Ltd. Tokens Usable in Value-Based Transactions
US7896238B2 (en) 2007-04-03 2011-03-01 Intellectual Ventures Holding 32 Llc Secured transaction using color coded account identifiers
US7938318B2 (en) 2007-04-03 2011-05-10 Intellectual Ventures Holding 32 Llc System and method for controlling secured transaction using directionally coded account identifiers
BRPI0810369B8 (pt) 2007-04-17 2019-05-28 Visa Usa Inc método, meio legível por computador, servidor de diretório, e, telefone
US8109436B1 (en) 2007-04-26 2012-02-07 United Services Automobile Association (Usaa) Secure card
US7959076B1 (en) 2007-04-26 2011-06-14 United Services Automobile Association (Usaa) Secure card
US7784685B1 (en) 2007-04-26 2010-08-31 United Services Automobile Association (Usaa) Secure card
CA2688762C (fr) 2007-05-17 2016-02-23 Shift4 Corporation Transactions de carte de paiement securisees
US7891563B2 (en) 2007-05-17 2011-02-22 Shift4 Corporation Secure payment card transactions
US7770789B2 (en) 2007-05-17 2010-08-10 Shift4 Corporation Secure payment card transactions
US7841523B2 (en) 2007-05-17 2010-11-30 Shift4 Corporation Secure payment card transactions
US20080305769A1 (en) 2007-06-08 2008-12-11 Nahum Rubinstein Device Method & System For Facilitating Mobile Transactions
US7971261B2 (en) 2007-06-12 2011-06-28 Microsoft Corporation Domain management for digital media
US7739169B2 (en) 2007-06-25 2010-06-15 Visa U.S.A. Inc. Restricting access to compromised account information
US8121956B2 (en) 2007-06-25 2012-02-21 Visa U.S.A. Inc. Cardless challenge systems and methods
JP2009015548A (ja) 2007-07-04 2009-01-22 Omron Corp 運転支援装置および方法、並びに、プログラム
US8326758B2 (en) 2007-08-06 2012-12-04 Enpulz, L.L.C. Proxy card representing many monetary sources from a plurality of vendors
US8355982B2 (en) 2007-08-16 2013-01-15 Verifone, Inc. Metrics systems and methods for token transactions
US20090048935A1 (en) 2007-08-16 2009-02-19 Microsoft Corporation Application program interface to manage gift cards and check authorizations
US8494959B2 (en) 2007-08-17 2013-07-23 Emc Corporation Payment card with dynamic account number
US7849014B2 (en) 2007-08-29 2010-12-07 American Express Travel Related Services Company, Inc. System and method for facilitating a financial transaction with a dynamically generated identifier
US9070129B2 (en) 2007-09-04 2015-06-30 Visa U.S.A. Inc. Method and system for securing data fields
US8041338B2 (en) 2007-09-10 2011-10-18 Microsoft Corporation Mobile wallet and digital payment
US7937324B2 (en) 2007-09-13 2011-05-03 Visa U.S.A. Inc. Account permanence
US9747598B2 (en) 2007-10-02 2017-08-29 Iii Holdings 1, Llc Dynamic security code push
US8095113B2 (en) 2007-10-17 2012-01-10 First Data Corporation Onetime passwords for smart chip cards
US20090106160A1 (en) 2007-10-19 2009-04-23 First Data Corporation Authorizations for mobile contactless payment transactions
US20090106138A1 (en) 2007-10-22 2009-04-23 Smith Steven E Transaction authentication over independent network
CN101425894B (zh) 2007-10-30 2012-03-21 阿里巴巴集团控股有限公司 一种业务实现系统及方法
US8249985B2 (en) 2007-11-29 2012-08-21 Bank Of America Corporation Sub-account mechanism
US20090157555A1 (en) 2007-12-12 2009-06-18 American Express Travel Related Services Company, Bill payment system and method
US8117129B2 (en) 2007-12-21 2012-02-14 American Express Travel Related Services Company, Inc. Systems, methods and computer program products for performing mass transit merchant transactions
US20090159699A1 (en) 2007-12-24 2009-06-25 Dynamics Inc. Payment cards and devices operable to receive point-of-sale actions before point-of-sale and forward actions at point-of-sale
US8224702B2 (en) 2007-12-28 2012-07-17 Ebay, Inc. Systems and methods for facilitating financial transactions over a network
WO2009089099A1 (fr) 2008-01-04 2009-07-16 M2 International Ltd. Valeur de vérification de carte dynamique
FR2926382B1 (fr) 2008-01-11 2010-02-26 Proton World Internat Nv Hierarchisation de cles cryptographiques dans un circuit electronique
FR2926938B1 (fr) 2008-01-28 2010-03-19 Paycool Dev Procede d'authentification et de signature d'un utilisateur aupres d'un service applicatif, utilisant un telephone mobile comme second facteur en complement et independamment d'un premier facteur
CN101515319B (zh) 2008-02-19 2011-01-26 联想(北京)有限公司 密钥处理方法、密钥密码学服务系统和密钥协商方法
US8214298B2 (en) 2008-02-26 2012-07-03 Rfinity Corporation Systems and methods for performing wireless financial transactions
US8255971B1 (en) 2008-03-03 2012-08-28 Jpmorgan Chase Bank, N.A. Authentication system and method
US8578176B2 (en) 2008-03-26 2013-11-05 Protegrity Corporation Method and apparatus for tokenization of sensitive sets of characters
US20090248583A1 (en) 2008-03-31 2009-10-01 Jasmeet Chhabra Device, system, and method for secure online transactions
WO2009136404A2 (fr) 2008-04-17 2009-11-12 Atom Technologies Limited Système et procédé pour mettre en œuvre une transaction sécurisée par un dispositif de communication mobile
US8200206B2 (en) 2008-04-21 2012-06-12 W2Bi, Inc. Virtual mobile and Ad/Alert management for mobile devices
US20090327131A1 (en) 2008-04-29 2009-12-31 American Express Travel Related Services Company, Inc. Dynamic account authentication using a mobile device
US20090276347A1 (en) 2008-05-01 2009-11-05 Kargman James B Method and apparatus for use of a temporary financial transaction number or code
US9715709B2 (en) 2008-05-09 2017-07-25 Visa International Services Association Communication device including multi-part alias identifier
CN101593196B (zh) 2008-05-30 2013-09-25 日电(中国)有限公司 用于快速密文检索的方法、装置和系统
US8651374B2 (en) 2008-06-02 2014-02-18 Sears Brands, L.L.C. System and method for payment card industry enterprise account number elimination
US20090307140A1 (en) 2008-06-06 2009-12-10 Upendra Mardikar Mobile device over-the-air (ota) registration and point-of-sale (pos) payment
JP2010004390A (ja) 2008-06-20 2010-01-07 Toshiba Corp 通信装置、鍵サーバ及びデータ
US9269010B2 (en) 2008-07-14 2016-02-23 Jumio Inc. Mobile phone payment system using integrated camera credit card reader
US8090650B2 (en) 2008-07-24 2012-01-03 At&T Intellectual Property I, L.P. Secure payment service and system for interactive voice response (IVR) systems
US8219489B2 (en) 2008-07-29 2012-07-10 Visa U.S.A. Inc. Transaction processing using a global unique identifier
US9053474B2 (en) 2008-08-04 2015-06-09 At&T Mobility Ii Llc Systems and methods for handling point-of-sale transactions using a mobile device
US8281991B2 (en) 2008-08-07 2012-10-09 Visa U.S.A. Inc. Transaction secured in an untrusted environment
US8403211B2 (en) 2008-09-04 2013-03-26 Metabank System, program product and methods for retail activation and reload associated with partial authorization transactions
AU2009293439B2 (en) 2008-09-17 2013-01-17 Mastercard International, Inc. Off-line activation/loading of pre-authorized and cleared payment cards
US9026462B2 (en) 2008-09-30 2015-05-05 Apple Inc. Portable point of purchase user interfaces
US8965811B2 (en) 2008-10-04 2015-02-24 Mastercard International Incorporated Methods and systems for using physical payment cards in secure E-commerce transactions
US20100094755A1 (en) 2008-10-09 2010-04-15 Nelnet Business Solutions, Inc. Providing payment data tokens for online transactions utilizing hosted inline frames
US20100106644A1 (en) 2008-10-23 2010-04-29 Diversinet Corp. System and Method for Authorizing Transactions Via Mobile Devices
US8126449B2 (en) 2008-11-13 2012-02-28 American Express Travel Related Services Company, Inc. Servicing attributes on a mobile device
US8196813B2 (en) 2008-12-03 2012-06-12 Ebay Inc. System and method to allow access to a value holding account
US8838503B2 (en) 2008-12-08 2014-09-16 Ebay Inc. Unified identity verification
US8060449B1 (en) 2009-01-05 2011-11-15 Sprint Communications Company L.P. Partially delegated over-the-air provisioning of a secure element
US10037524B2 (en) 2009-01-22 2018-07-31 First Data Corporation Dynamic primary account number (PAN) and unique key per card
US10354321B2 (en) 2009-01-22 2019-07-16 First Data Corporation Processing transactions with an extended application ID and dynamic cryptograms
US8606638B2 (en) 2009-03-02 2013-12-10 First Data Corporation Systems, methods and apparatus for facilitating transactions using a mobile device
US20100235284A1 (en) 2009-03-13 2010-09-16 Gidah, Inc. Method and systems for generating and using tokens in a transaction handling system
US8595098B2 (en) 2009-03-18 2013-11-26 Network Merchants, Inc. Transmission of sensitive customer information during electronic-based transactions
CA2697921C (fr) 2009-03-27 2019-09-24 Intersections Inc. Valeurs de verification de cartes et transactions de credit dynamiques
US8584251B2 (en) 2009-04-07 2013-11-12 Princeton Payment Solutions Token-based payment processing system
US20100258620A1 (en) 2009-04-10 2010-10-14 Denise Torreyson Methods and systems for linking multiple accounts
US9572025B2 (en) 2009-04-16 2017-02-14 Telefonaktiebolaget Lm Ericsson (Publ) Method, server, computer program and computer program product for communicating with secure element
WO2010127012A1 (fr) 2009-04-28 2010-11-04 Mastercard International Incorporated Appareil, procédé et produit programme d'ordinateur pour fournir un mécanisme de contrôle de qualité pour l'interface sans contact d'une carte à double interface
EP2425386A2 (fr) 2009-04-30 2012-03-07 Donald Michael Cardina Systèmes et procédés pour paiement mobile rendu aléatoire
US8725122B2 (en) 2009-05-13 2014-05-13 First Data Corporation Systems and methods for providing trusted service management services
US8602293B2 (en) 2009-05-15 2013-12-10 Visa International Service Association Integration of verification tokens with portable computing devices
US8534564B2 (en) 2009-05-15 2013-09-17 Ayman Hammad Integration of verification tokens with mobile communication devices
US8893967B2 (en) 2009-05-15 2014-11-25 Visa International Service Association Secure Communication of payment information to merchants using a verification token
US10140598B2 (en) 2009-05-20 2018-11-27 Visa International Service Association Device including encrypted data for expiration date and verification value creation
US20100306076A1 (en) 2009-05-29 2010-12-02 Ebay Inc. Trusted Integrity Manager (TIM)
SE0950411A1 (sv) 2009-06-04 2010-09-21 Accumulate Ab Metod för säkra transaktioner
TWI402775B (zh) 2009-07-16 2013-07-21 Mxtran Inc 金融交易系統、自動櫃員機、與操作自動櫃員機的方法
US8504475B2 (en) 2009-08-10 2013-08-06 Visa International Service Association Systems and methods for enrolling users in a payment service
US20110046969A1 (en) 2009-08-24 2011-02-24 Mark Carlson Alias hierarchy and data structure
US10454693B2 (en) 2009-09-30 2019-10-22 Visa International Service Association Mobile payment application architecture
US8799666B2 (en) 2009-10-06 2014-08-05 Synaptics Incorporated Secure user authentication using biometric information
WO2011047030A2 (fr) 2009-10-13 2011-04-21 Square, Inc. Systèmes et procédés pour circuits passifs d'identification
US8447699B2 (en) 2009-10-13 2013-05-21 Qualcomm Incorporated Global secure service provider directory
CA2777799A1 (fr) 2009-10-16 2011-04-21 Visa International Service Association Systeme et procede d'anti-hameconnage comprenant une liste avec des donnees d'utilisateur
US8523059B1 (en) 2009-10-20 2013-09-03 Dynamics Inc. Advanced payment options for powered cards and devices
US20110246317A1 (en) 2009-10-23 2011-10-06 Apriva, Llc System and device for facilitating a transaction through use of a proxy account code
US8296568B2 (en) 2009-10-27 2012-10-23 Google Inc. Systems and methods for authenticating an electronic transaction
US8433116B2 (en) 2009-11-03 2013-04-30 Mela Sciences, Inc. Showing skin lesion information
US9633351B2 (en) 2009-11-05 2017-04-25 Visa International Service Association Encryption switch processing
US8739262B2 (en) 2009-12-18 2014-05-27 Sabre Glbl Inc. Tokenized data security
US10255591B2 (en) 2009-12-18 2019-04-09 Visa International Service Association Payment channel returning limited use proxy dynamic value
US9324066B2 (en) 2009-12-21 2016-04-26 Verizon Patent And Licensing Inc. Method and system for providing virtual credit card services
US8998096B2 (en) 2010-04-01 2015-04-07 Coin, Inc. Magnetic emissive use of preloaded payment card account numbers
US8788429B2 (en) 2009-12-30 2014-07-22 First Data Corporation Secure transaction management
EP2524471B1 (fr) 2010-01-12 2015-03-11 Visa International Service Association Validation permanente de jetons de vérification
CA2787060C (fr) 2010-01-19 2017-07-25 Visa International Service Association Authentification de transaction sur la base d'un jeton
BR112012017881A2 (pt) 2010-01-19 2016-05-03 Visa Int Service Ass método, mídia legível por computador não transitória, e, sistema
US8615468B2 (en) 2010-01-27 2013-12-24 Ca, Inc. System and method for generating a dynamic card value
US9501773B2 (en) 2010-02-02 2016-11-22 Xia Dai Secured transaction system
US8510816B2 (en) 2010-02-25 2013-08-13 Secureauth Corporation Security device provisioning
US9195926B2 (en) 2010-03-02 2015-11-24 Gonow Technologies, Llc Portable e-wallet and universal card
US9245267B2 (en) 2010-03-03 2016-01-26 Visa International Service Association Portable account number for consumer payment account
US8458487B1 (en) 2010-03-03 2013-06-04 Liaison Technologies, Inc. System and methods for format preserving tokenization of sensitive information
US20110238511A1 (en) 2010-03-07 2011-09-29 Park Steve H Fuel dispenser payment system and method
US8402555B2 (en) 2010-03-21 2013-03-19 William Grecia Personalized digital media access system (PDMAS)
US8887308B2 (en) 2010-03-21 2014-11-11 William Grecia Digital cloud access (PDMAS part III)
US8533860B1 (en) 2010-03-21 2013-09-10 William Grecia Personalized digital media access system—PDMAS part II
US20110238573A1 (en) 2010-03-25 2011-09-29 Computer Associates Think, Inc. Cardless atm transaction method and system
US10579995B2 (en) 2010-03-30 2020-03-03 Visa International Service Association Event access with data field encryption for validation and access control
US9189786B2 (en) 2010-03-31 2015-11-17 Mastercard International Incorporated Systems and methods for operating transaction terminals
US9208482B2 (en) 2010-04-09 2015-12-08 Paypal, Inc. Transaction token issuing authorities
US8380177B2 (en) 2010-04-09 2013-02-19 Paydiant, Inc. Mobile phone payment processing methods and systems
US8336088B2 (en) 2010-04-19 2012-12-18 Visa International Service Association Alias management and value transfer claim processing
JP5433498B2 (ja) 2010-05-27 2014-03-05 株式会社東芝 暗号処理装置
US20120030047A1 (en) 2010-06-04 2012-02-02 Jacob Fuentes Payment tokenization apparatuses, methods and systems
US8442914B2 (en) 2010-07-06 2013-05-14 Mastercard International Incorporated Virtual wallet account with automatic-loading
US8571939B2 (en) 2010-07-07 2013-10-29 Toshiba Global Commerce Solutions Holdings Corporation Two phase payment link and authorization for mobile devices
FR2962571B1 (fr) 2010-07-08 2012-08-17 Inside Contactless Procede d'execution d'une application securisee dans un dispositif nfc
US8453226B2 (en) 2010-07-16 2013-05-28 Visa International Service Association Token validation for advanced authorization
US8635157B2 (en) 2010-07-19 2014-01-21 Payme, Inc. Mobile system and method for payments and non-financial transactions
US20120028609A1 (en) 2010-07-27 2012-02-02 John Hruska Secure financial transaction system using a registered mobile device
US9342832B2 (en) 2010-08-12 2016-05-17 Visa International Service Association Securing external systems with account token substitution
EP2603892A4 (fr) 2010-08-12 2015-09-02 Mastercard International Inc Portefeuille utilisant des canaux de commerce multiples pour effectuer des transactions authentifiées
CN101938520B (zh) 2010-09-07 2015-01-28 中兴通讯股份有限公司 一种基于移动终端签名的远程支付系统及方法
US20120066078A1 (en) 2010-09-10 2012-03-15 Bank Of America Corporation Overage service using overage passcode
US9445135B2 (en) 2010-09-17 2016-09-13 Futurewei Technologies, Inc. Method and apparatus for scrub preview services
US8898086B2 (en) 2010-09-27 2014-11-25 Fidelity National Information Services Systems and methods for transmitting financial account information
US20120095852A1 (en) 2010-10-15 2012-04-19 John Bauer Method and system for electronic wallet access
US9558481B2 (en) 2010-09-28 2017-01-31 Barclays Bank Plc Secure account provisioning
US20120089519A1 (en) 2010-10-06 2012-04-12 Prasad Peddada System and method for single use transaction signatures
US20120095865A1 (en) 2010-10-15 2012-04-19 Ezpayy, Inc. System And Method For Mobile Electronic Purchasing
US9965756B2 (en) 2013-02-26 2018-05-08 Digimarc Corporation Methods and arrangements for smartphone payments
US10176477B2 (en) 2010-11-16 2019-01-08 Mastercard International Incorporated Methods and systems for universal payment account translation
US8577336B2 (en) 2010-11-18 2013-11-05 Mobilesphere Holdings LLC System and method for transaction authentication using a mobile communication device
WO2012073014A1 (fr) 2010-11-29 2012-06-07 Mobay Technologies Limited Système pour vérifier des transactions électroniques
US9141945B2 (en) 2010-12-02 2015-09-22 Appmobi Iplc, Inc. Secure distributed single action payment system
US20120143754A1 (en) 2010-12-03 2012-06-07 Narendra Patel Enhanced credit card security apparatus and method
US20120143707A1 (en) 2010-12-07 2012-06-07 Deepak Jain Executing Reader Application
US8762284B2 (en) 2010-12-16 2014-06-24 Democracyontheweb, Llc Systems and methods for facilitating secure transactions
US8646059B1 (en) 2010-12-17 2014-02-04 Google Inc. Wallet application for interacting with a secure element application without a trusted server for authentication
EP2656281A4 (fr) 2010-12-20 2015-01-14 Antonio Claudiu Eram Système, procédé et appareil pour permettre des paiements mobiles et exécuter des commandes
US20120173431A1 (en) 2010-12-30 2012-07-05 First Data Corporation Systems and methods for using a token as a payment in a transaction
US20120185386A1 (en) 2011-01-18 2012-07-19 Bank Of America Authentication tool
WO2012098555A1 (fr) 2011-01-20 2012-07-26 Google Inc. Facturation de porteuse directe
US8725644B2 (en) 2011-01-28 2014-05-13 The Active Network, Inc. Secure online transaction processing
US20120203664A1 (en) 2011-02-09 2012-08-09 Tycoon Unlimited, Inc. Contactless wireless transaction processing system
US20120203666A1 (en) 2011-02-09 2012-08-09 Tycoon Unlimited, Inc. Contactless wireless transaction processing system
WO2012116221A1 (fr) 2011-02-23 2012-08-30 Mastercard International, Inc. Système de paiement par compte à vue
AU2012223415B2 (en) 2011-02-28 2017-05-18 Visa International Service Association Secure anonymous transaction apparatuses, methods and systems
CN107967602A (zh) 2011-03-04 2018-04-27 维萨国际服务协会 支付能力结合至计算机的安全元件
US20120231844A1 (en) 2011-03-11 2012-09-13 Apriva, Llc System and device for facilitating a transaction by consolidating sim, personal token, and associated applications for electronic wallet transactions
US20120233004A1 (en) 2011-03-11 2012-09-13 James Bercaw System for mobile electronic commerce
US20120246071A1 (en) 2011-03-21 2012-09-27 Nikhil Jain System and method for presentment of nonconfidential transaction token identifier
AU2012201745B2 (en) 2011-03-24 2014-11-13 Visa International Service Association Authentication using application authentication element
US20120254041A1 (en) 2011-03-31 2012-10-04 Infosys Technologies Ltd. One-time credit card numbers
GB201105765D0 (en) 2011-04-05 2011-05-18 Visa Europe Ltd Payment system
GB201105774D0 (en) 2011-04-05 2011-05-18 Visa Europe Ltd Payment system
US9280765B2 (en) 2011-04-11 2016-03-08 Visa International Service Association Multiple tokenization for authentication
US8688589B2 (en) 2011-04-15 2014-04-01 Shift4 Corporation Method and system for utilizing authorization factor pools
WO2012142370A2 (fr) 2011-04-15 2012-10-18 Shift4 Corporation Procédé et système permettant à des marchands de partager des jetons
US9256874B2 (en) 2011-04-15 2016-02-09 Shift4 Corporation Method and system for enabling merchants to share tokens
US9818111B2 (en) 2011-04-15 2017-11-14 Shift4 Corporation Merchant-based token sharing
US20120271770A1 (en) 2011-04-20 2012-10-25 Visa International Service Association Managing electronic tokens in a transaction processing system
US8639938B2 (en) 2011-05-03 2014-01-28 International Business Machines Corporation Personal identification number security enhancement
US20130110658A1 (en) 2011-05-05 2013-05-02 Transaction Network Services, Inc. Systems and methods for enabling mobile payments
US20130204793A1 (en) 2011-05-17 2013-08-08 Kevin S. Kerridge Smart communication device secured electronic payment system
US9154477B2 (en) 2011-05-26 2015-10-06 First Data Corporation Systems and methods for encrypting mobile device communications
US8943574B2 (en) 2011-05-27 2015-01-27 Vantiv, Llc Tokenizing sensitive data
US10395256B2 (en) 2011-06-02 2019-08-27 Visa International Service Association Reputation management in a transaction processing system
US8538845B2 (en) 2011-06-03 2013-09-17 Mozido, Llc Monetary transaction system
WO2012167202A2 (fr) 2011-06-03 2012-12-06 Visa International Service Association Appareils, procédés et systèmes de sélection de carte de portefeuille virtuel
EP2718886A4 (fr) 2011-06-07 2015-01-14 Visa Int Service Ass Appareils, procédés et systèmes de segmentation en unités de confidentialité de paiement
US10318932B2 (en) 2011-06-07 2019-06-11 Entit Software Llc Payment card processing system with structure preserving encryption
WO2012167941A1 (fr) 2011-06-09 2012-12-13 Gemalto Sa Procédé pour valider une transaction entre un utilisateur et un fournisseur de services
WO2012170895A1 (fr) 2011-06-09 2012-12-13 Yeager C Douglas Systèmes et procédés conçus pour autoriser une transaction
US9355393B2 (en) 2011-08-18 2016-05-31 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US9639828B2 (en) 2011-07-15 2017-05-02 Visa International Service Association Method and system for hosted order page/silent order post plus fraud detection
US9704155B2 (en) 2011-07-29 2017-07-11 Visa International Service Association Passing payment tokens through an hop/sop
US20130054337A1 (en) 2011-08-22 2013-02-28 American Express Travel Related Services Company, Inc. Methods and systems for contactless payments for online ecommerce checkout
US20130226799A1 (en) 2011-08-23 2013-08-29 Thanigaivel Ashwin Raj Authentication process for value transfer machine
WO2013028910A2 (fr) 2011-08-23 2013-02-28 Visa International Service Association Procédé et système de transfert de fonds par mobile
US10032171B2 (en) 2011-08-30 2018-07-24 Simplytapp, Inc. Systems and methods for secure application-based participation in an interrogation by mobile device
US20130339253A1 (en) 2011-08-31 2013-12-19 Dan Moshe Sincai Mobile Device Based Financial Transaction System
US8171525B1 (en) 2011-09-15 2012-05-01 Google Inc. Enabling users to select between secure service providers using a central trusted service manager
US8838982B2 (en) 2011-09-21 2014-09-16 Visa International Service Association Systems and methods to secure user identification
CA2849324C (fr) 2011-09-22 2020-01-07 Securekey Technologies Inc. Systemes et procedes de traitement sans contact de transactions
US8453223B2 (en) 2011-09-23 2013-05-28 Jerome Svigals Method, device and system for secure transactions
EP2761551A4 (fr) 2011-10-01 2015-09-02 Intel Corp Émulation de carte de crédit en nuage
US8787832B2 (en) * 2011-10-11 2014-07-22 Microsoft Corporation Dynamic range wireless communications access point
EP2767110A4 (fr) 2011-10-12 2015-01-28 C Sam Inc Plateforme mobile d'activation de transaction sécurisée à plusieurs étages
US9721319B2 (en) 2011-10-14 2017-08-01 Mastercard International Incorporated Tap and wireless payment methods and devices
US9229964B2 (en) 2011-10-27 2016-01-05 Visa International Business Machines Corporation Database cloning and migration for quality assurance
US8875228B2 (en) 2011-11-01 2014-10-28 Jvl Ventures, Llc Systems, methods, and computer program products for managing secure elements
US9830596B2 (en) 2011-11-01 2017-11-28 Stripe, Inc. Method for conducting a transaction between a merchant site and a customer's electronic device without exposing payment information to a server-side application of the merchant site
US20130124364A1 (en) 2011-11-13 2013-05-16 Millind Mittal System and method of electronic payment using payee provided transaction identification codes
US20160140566A1 (en) 2011-11-13 2016-05-19 Google Inc. Secure transmission of payment credentials
US9348896B2 (en) 2011-12-05 2016-05-24 Visa International Service Association Dynamic network analytics system
US8972719B2 (en) 2011-12-06 2015-03-03 Wwpass Corporation Passcode restoration
US8555079B2 (en) 2011-12-06 2013-10-08 Wwpass Corporation Token management
US8656180B2 (en) 2011-12-06 2014-02-18 Wwpass Corporation Token activation
US20130159178A1 (en) 2011-12-14 2013-06-20 Firethorn Mobile, Inc. System and Method For Loading A Virtual Token Managed By A Mobile Wallet System
US20130159184A1 (en) 2011-12-15 2013-06-20 Visa International Service Association System and method of using load network to associate product or service with a consumer token
US20140040139A1 (en) 2011-12-19 2014-02-06 Sequent Software, Inc. System and method for dynamic temporary payment authorization in a portable communication device
EP2795549A4 (fr) 2011-12-21 2015-09-23 Mastercard International Inc Procédés est systèmes permettant d'équiper un compte de paiement d'échange adaptatif
US9077769B2 (en) 2011-12-29 2015-07-07 Blackberry Limited Communications system providing enhanced trusted service manager (TSM) verification features and related methods
US20130254117A1 (en) 2011-12-30 2013-09-26 Clay W. von Mueller Secured transaction system and method
US8566168B1 (en) 2012-01-05 2013-10-22 Sprint Communications Company L.P. Electronic payment using a proxy account number stored in a secure element
RU2631983C2 (ru) 2012-01-05 2017-09-29 Виза Интернэшнл Сервис Ассосиэйшн Защита данных с переводом
US9799027B2 (en) 2012-01-19 2017-10-24 Mastercard International Incorporated System and method to enable a network of digital wallets
US8856640B1 (en) 2012-01-20 2014-10-07 Google Inc. Method and apparatus for applying revision specific electronic signatures to an electronically stored document
US9830595B2 (en) 2012-01-26 2017-11-28 Visa International Service Association System and method of providing tokenization as a service
US10643191B2 (en) 2012-01-27 2020-05-05 Visa International Service Association Mobile services remote deposit capture
US8595850B2 (en) 2012-01-30 2013-11-26 Voltage Security, Inc. System for protecting sensitive data with distributed tokenization
WO2013116726A1 (fr) 2012-02-03 2013-08-08 Ebay Inc. Ajout d'une carte à un portefeuille mobile à l'aide d'une nfc
EP2624190A1 (fr) 2012-02-03 2013-08-07 Pieter Dubois Authentification de transactions de paiement utilisant un alias
US20130212019A1 (en) 2012-02-10 2013-08-15 Ulf Mattsson Tokenization of payment information in mobile environments
US20130212017A1 (en) 2012-02-14 2013-08-15 N.B. Development Services Inc. Transaction system and method of conducting a transaction
US20130226813A1 (en) 2012-02-23 2013-08-29 Robert Matthew Voltz Cyberspace Identification Trust Authority (CITA) System and Method
WO2013138528A1 (fr) 2012-03-14 2013-09-19 Visa International Service Association Appareils, procédés et systèmes de redirection de fonction de compte de point de transaction
US20130246267A1 (en) 2012-03-15 2013-09-19 Ebay Inc. Systems, Methods, and Computer Program Products for Using Proxy Accounts
US20130246259A1 (en) 2012-03-15 2013-09-19 Firethorn Mobile, Inc. System and method for managing payment in transactions with a pcd
US9092776B2 (en) 2012-03-15 2015-07-28 Qualcomm Incorporated System and method for managing payment in transactions with a PCD
US9105021B2 (en) 2012-03-15 2015-08-11 Ebay, Inc. Systems, methods, and computer program products for using proxy accounts
US10535064B2 (en) 2012-03-19 2020-01-14 Paynet Payments Network, Llc Systems and methods for real-time account access
US9818098B2 (en) 2012-03-20 2017-11-14 First Data Corporation Systems and methods for facilitating payments via a peer-to-peer protocol
US20130254102A1 (en) 2012-03-20 2013-09-26 First Data Corporation Systems and Methods for Distributing Tokenization and De-Tokenization Services
US20130254028A1 (en) 2012-03-22 2013-09-26 Corbuss Kurumsal Telekom Hizmetleri A.S. System and method for conducting mobile commerce
US9842335B2 (en) 2012-03-23 2017-12-12 The Toronto-Dominion Bank System and method for authenticating a payment terminal
US20130262315A1 (en) 2012-03-30 2013-10-03 John Hruska System for Secure Purchases Made by Scanning Barcode Using a Registered Mobile Phone Application Linked to a Consumer-Merchant Closed Loop Financial Proxy Account System
US10515359B2 (en) * 2012-04-02 2019-12-24 Mastercard International Incorporated Systems and methods for processing mobile payments by provisioning credentials to mobile devices without secure elements
WO2013151807A1 (fr) 2012-04-02 2013-10-10 Jvl Ventures, Llc Systèmes, procédés et produits-programmes informatiques de provisionnement de comptes de paiement dans des portefeuilles mobiles et de gestion d'événements
WO2013155536A1 (fr) 2012-04-13 2013-10-17 Mastercard International Incorporated Systèmes, procédés et supports lisibles par ordinateur pour mettre en oeuvre une transaction au moyen de justificatifs d'identité de nuage
EP2839421A4 (fr) 2012-04-18 2015-07-15 Google Inc Traitement de transactions de paiement sans élément sécurisé
US20130282588A1 (en) 2012-04-22 2013-10-24 John Hruska Consumer, Merchant and Mobile Device Specific, Real-Time Dynamic Tokenization Activation within a Secure Mobile-Wallet Financial Transaction System
US8990572B2 (en) 2012-04-24 2015-03-24 Daon Holdings Limited Methods and systems for conducting smart card transactions
WO2013166501A1 (fr) 2012-05-04 2013-11-07 Visa International Service Association Système et procédé pour la conversion de données locales
US10275764B2 (en) 2012-05-04 2019-04-30 Mastercard International Incorporated Transaction data tokenization
US9521548B2 (en) 2012-05-21 2016-12-13 Nexiden, Inc. Secure registration of a mobile device for use with a session
US20130311382A1 (en) 2012-05-21 2013-11-21 Klaus S. Fosmark Obtaining information for a payment transaction
WO2013179271A2 (fr) 2012-06-01 2013-12-05 Mani Venkatachalam Sthanu Subra Procédé et système de paiement sécurisé assisté par l'homme par téléphone à un tiers fournisseur de service non sécurisé
US9524501B2 (en) 2012-06-06 2016-12-20 Visa International Service Association Method and system for correlating diverse transaction data
JP2013255161A (ja) * 2012-06-08 2013-12-19 Hitachi Ltd 暗号鍵更新システム及び鍵更新プログラム
US20130346305A1 (en) 2012-06-26 2013-12-26 Carta Worldwide Inc. Mobile wallet payment processing
US20140007213A1 (en) 2012-06-29 2014-01-02 Wepay, Inc. Systems and methods for push notification based application authentication and authorization
US9547769B2 (en) 2012-07-03 2017-01-17 Visa International Service Association Data protection hub
US9059972B2 (en) 2012-07-03 2015-06-16 International Business Machines Corporation Issuing, presenting and challenging mobile device identification documents
US20140025581A1 (en) 2012-07-19 2014-01-23 Bank Of America Corporation Mobile transactions using authorized tokens
US9043609B2 (en) 2012-07-19 2015-05-26 Bank Of America Corporation Implementing security measures for authorized tokens used in mobile transactions
US20140025585A1 (en) 2012-07-19 2014-01-23 Bank Of America Corporation Distributing authorized tokens to conduct mobile transactions
US9846861B2 (en) 2012-07-25 2017-12-19 Visa International Service Association Upstream and downstream data conversion
US9256871B2 (en) 2012-07-26 2016-02-09 Visa U.S.A. Inc. Configurable payment tokens
US10445720B2 (en) 2012-07-31 2019-10-15 Worldpay, Llc Systems and methods for payment management for supporting mobile payments
US10339524B2 (en) 2012-07-31 2019-07-02 Worldpay, Llc Systems and methods for multi-merchant tokenization
US10346838B2 (en) 2012-07-31 2019-07-09 Worldpay, Llc Systems and methods for distributed enhanced payment processing
US10152711B2 (en) 2012-07-31 2018-12-11 Worldpay, Llc Systems and methods for arbitraged enhanced payment processing
ES2680152T3 (es) 2012-08-03 2018-09-04 OneSpan International GmbH Método y aparato de autenticación conveniente para el usuario usando una aplicación de autenticación móvil
US9361619B2 (en) 2012-08-06 2016-06-07 Ca, Inc. Secure and convenient mobile authentication techniques
US9665722B2 (en) 2012-08-10 2017-05-30 Visa International Service Association Privacy firewall
WO2014028926A1 (fr) 2012-08-17 2014-02-20 Google Inc. Fonctionnalité de lecteur sans fil et de terminal de transaction de paiement
AU2013308905B2 (en) 2012-08-28 2018-12-13 Visa International Service Association Protecting assets on a device
AU2013315510B2 (en) 2012-09-11 2019-08-22 Visa International Service Association Cloud-based Virtual Wallet NFC Apparatuses, methods and systems
US8955039B2 (en) 2012-09-12 2015-02-10 Intel Corporation Mobile platform with sensor data security
US20140108241A1 (en) 2012-10-08 2014-04-17 NXT-ID, Inc. Method for Replacing Traditional Payment and Identity Management Systems and Components to Provide Additional Security and a System Implementing Said Method
US9390412B2 (en) 2012-10-16 2016-07-12 Visa International Service Association Dynamic point of sale system integrated with reader device
US10176478B2 (en) 2012-10-23 2019-01-08 Visa International Service Association Transaction initiation determination system utilizing transaction data elements
US9911118B2 (en) 2012-11-21 2018-03-06 Visa International Service Association Device pairing via trusted intermediary
US20140149285A1 (en) 2012-11-29 2014-05-29 International Business Machines Corporation Effecting payments via mobile phones
US20140164243A1 (en) 2012-12-07 2014-06-12 Christian Aabye Dynamic Account Identifier With Return Real Account Identifier
KR101316377B1 (ko) 2012-12-26 2013-10-08 신한카드 주식회사 결제 디바이스의 금융 칩 제어방법
KR101330867B1 (ko) 2012-12-27 2013-11-18 신한카드 주식회사 결제 디바이스에 대한 상호인증 방법
US9741051B2 (en) 2013-01-02 2017-08-22 Visa International Service Association Tokenization and third-party interaction
US20140324690A1 (en) 2013-01-11 2014-10-30 American Express Travel Related Services Company, Inc. System and method for a single digital wallet dynamic checkout tool
DE102013003205A1 (de) 2013-02-26 2014-08-28 Giesecke & Devrient Gmbh Verfahren zur sicheren Zugangscode-Eingabe
BR112015020007A2 (pt) 2013-02-26 2017-07-18 Visa Int Service Ass métodos e sistemas para proporcionar credenciais de pagamento
US20140244514A1 (en) 2013-02-26 2014-08-28 Digimarc Corporation Methods and arrangements for smartphone payments and transactions
US9022285B2 (en) 2013-03-01 2015-05-05 Looppay, Inc. System and method for securely loading, storing and transmitting magnetic stripe date in a device working with a mobile wallet system
GB201304764D0 (en) 2013-03-15 2013-05-01 Mastercard International Inc Method and apparatus for payment transactions
US9249241B2 (en) 2013-03-27 2016-02-02 Ut-Battelle, Llc Surface-functionalized mesoporous carbon materials
GB2512595A (en) 2013-04-02 2014-10-08 Mastercard International Inc Integrated contactless mpos implementation
WO2014162296A1 (fr) 2013-04-04 2014-10-09 Visa International Service Association Procédé et système permettant de réaliser des transactions financières pré-autorisées
US20140310183A1 (en) 2013-04-15 2014-10-16 Lance Weber Embedded acceptance system
US20160019512A1 (en) 2013-04-21 2016-01-21 SSI America INC. Transaction facilitation methods and apparatuses
US20140331265A1 (en) 2013-05-01 2014-11-06 Microsoft Corporation Integrated interactive television entertainment system
US11055710B2 (en) 2013-05-02 2021-07-06 Visa International Service Association Systems and methods for verifying and processing transactions using virtual currency
US20140330722A1 (en) 2013-05-02 2014-11-06 Prasanna Laxminarayanan System and method for using an account sequence identifier
US9760886B2 (en) 2013-05-10 2017-09-12 Visa International Service Association Device provisioning using partial personalization scripts
EP2997532A4 (fr) 2013-05-15 2016-05-11 Visa Int Service Ass Concentrateur de tokénisation pour mobile
US9118486B2 (en) 2013-05-21 2015-08-25 Cisco Technology, Inc. Revocation of public key infrastructure signatures
GB2514780A (en) 2013-06-03 2014-12-10 Mastercard International Inc Methods and apparatus for performing local transactions
US10878422B2 (en) 2013-06-17 2020-12-29 Visa International Service Association System and method using merchant token
EP3017411A4 (fr) 2013-07-02 2016-07-13 Visa Int Service Ass Carte de paiement comprenant une interface utilisateur destinée à être utilisée avec un terminal d'acceptation de carte de paiement
KR102442663B1 (ko) 2013-07-15 2022-09-13 비자 인터네셔널 서비스 어소시에이션 보안 원격 지불 거래 처리
US9996835B2 (en) 2013-07-24 2018-06-12 Visa International Service Association Systems and methods for communicating token attributes associated with a token vault
CN105612543B (zh) 2013-08-08 2022-05-27 维萨国际服务协会 用于为移动设备供应支付凭证的方法和系统
US10496986B2 (en) 2013-08-08 2019-12-03 Visa International Service Association Multi-network tokenization processing
WO2015023999A1 (fr) 2013-08-15 2015-02-19 Visa International Service Association Traitement sécurisé de transactions de paiement à distance à l'aide d'un élément sécurisé
WO2015026664A1 (fr) 2013-08-20 2015-02-26 Mastercard International Incorporated Procédé et système de traitement informatique de plate-forme de gestion de code
US9819661B2 (en) 2013-09-12 2017-11-14 The Boeing Company Method of authorizing an operation to be performed on a targeted computing device
US10037082B2 (en) 2013-09-17 2018-07-31 Paypal, Inc. Physical interaction dependent transactions
AU2014321178A1 (en) 2013-09-20 2016-04-14 Visa International Service Association Secure remote payment transaction processing including consumer authentication
JP6386567B2 (ja) 2013-10-11 2018-09-05 ビザ インターナショナル サービス アソシエーション ネットワーク・トークン・システム
US9978094B2 (en) 2013-10-11 2018-05-22 Visa International Service Association Tokenization revocation list
US10515358B2 (en) 2013-10-18 2019-12-24 Visa International Service Association Contextual transaction token methods and systems
US10489779B2 (en) 2013-10-21 2019-11-26 Visa International Service Association Multi-network token bin routing with defined verification parameters
US9786423B2 (en) 2013-10-28 2017-10-10 Massachusetts Institute Of Technology Method and apparatus for producing an asymmetric magnetic field
WO2015065323A1 (fr) 2013-10-29 2015-05-07 Intel Corporation Architecture de code d'amorçage flexible
US10366387B2 (en) 2013-10-29 2019-07-30 Visa International Service Association Digital wallet system and method
US20150127529A1 (en) 2013-11-05 2015-05-07 Oleg Makhotin Methods and systems for mobile payment application selection and management using an application linker
US9425968B2 (en) 2013-11-15 2016-08-23 Landis+Gyr Innovations, Inc. System and method for updating an encryption key across a network
US20150142673A1 (en) 2013-11-18 2015-05-21 Mark Nelsen Methods and systems for token request management
CA2930149A1 (fr) 2013-11-19 2015-05-28 Visa International Service Association Approvisionnement de compte automatise
US9037491B1 (en) 2013-11-26 2015-05-19 Square, Inc. Card reader emulation for cardless transactions
US20150161597A1 (en) 2013-12-09 2015-06-11 Kaushik Subramanian Transactions using temporary credential data
US9350774B2 (en) 2013-12-16 2016-05-24 Dropbox, Inc. Automatic sharing of digital multimedia
US9922322B2 (en) * 2013-12-19 2018-03-20 Visa International Service Association Cloud-based transactions with magnetic secure transmission
RU2686014C1 (ru) 2013-12-19 2019-04-23 Виза Интернэшнл Сервис Ассосиэйшн Способы и системы облачных транзакций
US10445718B2 (en) 2013-12-27 2019-10-15 Visa International Service Association Processing a transaction using multiple application identifiers
US10108409B2 (en) 2014-01-03 2018-10-23 Visa International Service Association Systems and methods for updatable applets
US10433128B2 (en) 2014-01-07 2019-10-01 Visa International Service Association Methods and systems for provisioning multiple devices
US20150199679A1 (en) 2014-01-13 2015-07-16 Karthikeyan Palanisamy Multiple token provisioning
US9846878B2 (en) 2014-01-14 2017-12-19 Visa International Service Association Payment account identifier system
AU2015214271B2 (en) 2014-02-04 2019-06-27 Visa International Service Association Token verification using limited use certificates
AU2015231418A1 (en) 2014-03-18 2016-09-29 Visa International Service Association Systems and methods for locally derived tokens
US20150278799A1 (en) 2014-03-27 2015-10-01 Karthikeyan Palanisamy System incorporating wireless share process
US10026087B2 (en) 2014-04-08 2018-07-17 Visa International Service Association Data passed in an interaction
CN106462850A (zh) 2014-04-16 2017-02-22 维萨国际服务协会 支付凭证的安全传输
US9942043B2 (en) 2014-04-23 2018-04-10 Visa International Service Association Token security on a communication device
WO2015168334A1 (fr) 2014-05-01 2015-11-05 Visa International Service Association Vérification de données à l'aide d'un dispositif d'accès
WO2015171625A1 (fr) 2014-05-05 2015-11-12 Visa International Service Association Système et procédé de contrôle de domaine de jeton
AU2015259162B2 (en) 2014-05-13 2020-08-13 Visa International Service Association Master applet for secure remote payment processing
AU2015264124B2 (en) 2014-05-21 2019-05-09 Visa International Service Association Offline authentication
US11023890B2 (en) 2014-06-05 2021-06-01 Visa International Service Association Identification and verification for provisioning mobile application
US9717108B2 (en) 2014-06-20 2017-07-25 Visa International Service Association Midrange contactless transactions
US9780953B2 (en) 2014-07-23 2017-10-03 Visa International Service Association Systems and methods for secure detokenization
US10484345B2 (en) 2014-07-31 2019-11-19 Visa International Service Association System and method for identity verification across mobile applications
US9779345B2 (en) 2014-08-11 2017-10-03 Visa International Service Association Mobile device with scannable image including dynamic data
US9775029B2 (en) * 2014-08-22 2017-09-26 Visa International Service Association Embedding cloud-based functionalities in a communication device
AU2015308608B2 (en) 2014-08-29 2019-07-04 Visa International Service Association Methods for secure cryptogram generation
SG10201810140QA (en) 2014-09-26 2018-12-28 Visa Int Service Ass Remote server encrypted data provisioning system and methods
US11257074B2 (en) * 2014-09-29 2022-02-22 Visa International Service Association Transaction risk based token
JP2017531873A (ja) 2014-10-10 2017-10-26 ビザ インターナショナル サービス アソシエーション モバイルアプリケーションの更新中に部分パーソナライゼーションを行うための方法とシステム
US10015147B2 (en) 2014-10-22 2018-07-03 Visa International Service Association Token enrollment system and method
US10325261B2 (en) 2014-11-25 2019-06-18 Visa International Service Association Systems communications with non-sensitive identifiers
SG11201702763TA (en) 2014-11-26 2017-05-30 Visa Int Service Ass Tokenization request via access device
US10257185B2 (en) 2014-12-12 2019-04-09 Visa International Service Association Automated access data provisioning
US11580519B2 (en) 2014-12-12 2023-02-14 Visa International Service Association Provisioning platform for machine-to-machine devices
BR112017011524A2 (pt) * 2014-12-29 2018-06-19 Visa Int Service Ass dispositivo de comunicação portátil, método para atualizar um aplicativo móvel instalado em um dispositivo de comunicação portátil, e, servidor para fornecer uma atualização a um aplicativo móvel instalado em um dispositivo de comunicação portátil.
US10096009B2 (en) 2015-01-20 2018-10-09 Visa International Service Association Secure payment processing using authorization request
US20160217461A1 (en) 2015-01-23 2016-07-28 Ajit Gaddam Transaction utilizing anonymized user data
CN107210914B (zh) 2015-01-27 2020-11-03 维萨国际服务协会 用于安全凭证供应的方法
US11250391B2 (en) 2015-01-30 2022-02-15 Visa International Service Association Token check offline
US10977657B2 (en) 2015-02-09 2021-04-13 Visa International Service Association Token processing utilizing multiple authorizations
WO2016130764A1 (fr) 2015-02-13 2016-08-18 Visa International Service Association Autorisation de transfert homologue de demandes numériques
CN107210918B (zh) 2015-02-17 2021-07-27 维萨国际服务协会 用于使用基于交易特定信息的令牌和密码的交易处理的装置和方法
US10164996B2 (en) 2015-03-12 2018-12-25 Visa International Service Association Methods and systems for providing a low value token buffer
US9998978B2 (en) 2015-04-16 2018-06-12 Visa International Service Association Systems and methods for processing dormant virtual access devices
RU2018117661A (ru) 2015-10-15 2019-11-18 Виза Интернэшнл Сервис Ассосиэйшн Система мгновенной выдачи маркеров
EP3400696B1 (fr) 2016-01-07 2020-05-13 Visa International Service Association Systèmes et procédés de fourniture de push pour dispositif
US11501288B2 (en) 2016-02-09 2022-11-15 Visa International Service Association Resource provider account token provisioning and processing
US10313321B2 (en) 2016-04-07 2019-06-04 Visa International Service Association Tokenization of co-network accounts
US11232435B2 (en) * 2016-06-01 2022-01-25 Mastercard International Incorporated Systems and methods for use in facilitating network transactions
GB2551775A (en) * 2016-06-30 2018-01-03 Ipco 2012 Ltd Communications device, point of sale device, payment device and methods
AU2017295842A1 (en) 2016-07-11 2018-11-01 Visa International Service Association Encryption key exchange process using access device
US10509779B2 (en) 2016-09-14 2019-12-17 Visa International Service Association Self-cleaning token vault
US10915899B2 (en) 2017-03-17 2021-02-09 Visa International Service Association Replacing token on a multi-token user device
US10902418B2 (en) 2017-05-02 2021-01-26 Visa International Service Association System and method using interaction token

Also Published As

Publication number Publication date
BR112018076196A2 (pt) 2019-03-26
AU2017295842A1 (en) 2018-11-01
EP3482337A2 (fr) 2019-05-15
CN116471105A (zh) 2023-07-21
SG11201808998RA (en) 2018-11-29
EP3929788A1 (fr) 2021-12-29
US11714885B2 (en) 2023-08-01
CN109643354A (zh) 2019-04-16
US20220100828A1 (en) 2022-03-31
US11238140B2 (en) 2022-02-01
WO2018013431A3 (fr) 2018-02-22
SG10202110839VA (en) 2021-11-29
US20200314644A1 (en) 2020-10-01
EP3482337A4 (fr) 2019-05-15
CN109643354B (zh) 2023-06-06
WO2018013431A2 (fr) 2018-01-18

Similar Documents

Publication Publication Date Title
US11714885B2 (en) Encryption key exchange process using access device
US11875344B2 (en) Cloud-based transactions with magnetic secure transmission
US10909522B2 (en) Cloud-based transactions methods and systems
AU2021240119B2 (en) Location verification during dynamic data transactions
US11036873B2 (en) Embedding cloud-based functionalities in a communication device
US20220019995A1 (en) Limited-use keys and cryptograms
US20210042753A1 (en) Offline authentication
US20240020676A1 (en) Portable device loading mechanism for account access

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20190211

A4 Supplementary search report drawn up and despatched

Effective date: 20190306

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20200416

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

REG Reference to a national code

Ref country code: DE

Ref legal event code: R079

Ref document number: 602017046894

Country of ref document: DE

Free format text: PREVIOUS MAIN CLASS: G06F0021620000

Ipc: H04L0009060000

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

RIC1 Information provided on ipc code assigned before grant

Ipc: H04W 12/0471 20210101ALI20210308BHEP

Ipc: H04W 12/041 20210101ALI20210308BHEP

Ipc: H04W 12/033 20210101ALI20210308BHEP

Ipc: H04L 9/32 20060101ALI20210308BHEP

Ipc: H04L 9/08 20060101ALI20210308BHEP

Ipc: G06F 21/62 20130101ALI20210308BHEP

Ipc: H04W 12/04 20210101ALI20210308BHEP

Ipc: H04W 12/02 20090101ALI20210308BHEP

Ipc: H04L 29/06 20060101ALI20210308BHEP

Ipc: G06F 21/31 20130101ALI20210308BHEP

Ipc: G06F 21/60 20130101ALI20210308BHEP

Ipc: H04L 9/06 20060101AFI20210308BHEP

INTG Intention to grant announced

Effective date: 20210409

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE PATENT HAS BEEN GRANTED

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602017046894

Country of ref document: DE

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

Ref country code: AT

Ref legal event code: REF

Ref document number: 1435187

Country of ref document: AT

Kind code of ref document: T

Effective date: 20211015

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG9D

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

Ref country code: HR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

Ref country code: RS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20211229

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

Ref country code: NO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20211229

REG Reference to a national code

Ref country code: NL

Ref legal event code: MP

Effective date: 20210929

REG Reference to a national code

Ref country code: AT

Ref legal event code: MK05

Ref document number: 1435187

Country of ref document: AT

Kind code of ref document: T

Effective date: 20210929

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20211230

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20220129

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20220131

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

Ref country code: AL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 602017046894

Country of ref document: DE

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20220630

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

REG Reference to a national code

Ref country code: BE

Ref legal event code: MM

Effective date: 20220731

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20220707

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20220731

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20220731

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20220731

P01 Opt-out of the competence of the unified patent court (upc) registered

Effective date: 20230511

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20220707

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: HU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO

Effective date: 20170707

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SM

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

Ref country code: MK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20240620

Year of fee payment: 8

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20240619

Year of fee payment: 8

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210929

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20240619

Year of fee payment: 8